MEDIUM🇬🇧 English

CVE-2023-45150

CVSS 4.3v3.1pub. 2023-10-16upd. 2024-11-21

Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended that the Nextcloud Calendar app is upgraded to 4.4.4. The only workaround for users unable to upgrade is to disable the calendar app.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  • Nextcloud Calendar

    APP
    Nextcloud
    1.0 – 4.4.4 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-45286MEDIUM4.3ten sam produkt

Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 t...

CVE-2025-66511MEDIUM4.8ten sam produkt

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tok...

CVE-2025-66550MEDIUM5.7ten sam produkt

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a...

CVE-2024-37316MEDIUM4.6ten sam produkt

Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated...

CVE-2022-24838MEDIUM5.3ten sam produkt

Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointmen...