Bug 647756 - www-apps/wordpress: DoS vulnerability (CVE-2018-6389)
Summary: www-apps/wordpress: DoS vulnerability (CVE-2018-6389)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://baraktawily.blogspot.de/2018/...
Whiteboard: ~3 [upstream cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-02-15 18:09 UTC by GLSAMaker/CVETool Bot
Modified: 2019-03-27 04:02 UTC

See Also:
Package list:
Runtime testing required: ---


Description GLSAMaker/CVETool Bot gentoo-dev 2018-02-15 18:09:03 UTC
CVE-2018-6389 (https://nvd.nist.gov/vuln/detail/CVE-2018-6389):
  In WordPress through 4.9.2, unauthenticated attackers can cause a denial of
  service (resource consumption) by using the large list of registered .js
  files (from wp-includes/script-loader.php) to construct a series of requests
  to load every file many times.


While the CVE text is only about 4.9.2, this vulnerability is still unpatched and therefore present in the current 4.9.4 release.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2019-03-27 04:02:55 UTC
No longer in tree. Vulnerable versions have been removed.