
Bug 647756

Summary: www-apps/wordpress: DoS vulnerability (CVE-2018-6389)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: web-apps
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://baraktawily.blogspot.de/2018/02/how-to-dos-29-of-world-wide-websites.html
Whiteboard: ~3 [upstream cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2018-02-15 18:09:03 UTC
CVE-2018-6389 (https://nvd.nist.gov/vuln/detail/CVE-2018-6389):
  In WordPress through 4.9.2, unauthenticated attackers can cause a denial of
  service (resource consumption) by using the large list of registered .js
  files (from wp-includes/script-loader.php) to construct a series of requests
  to load every file many times.


While the CVE text is only about 4.9.2, this vulnerability is still unpatched and therefore present in the current 4.9.4 release.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2019-03-27 04:02:55 UTC
No longer in tree. Vulnerable versions have been removed.