CVE-2023-52075

ReVanced API proxies requests needed to feed the ReVanced Manager and website with data. Up to and including commit 71f81f7f20cd26fd707335bca9838fa3e7df20d2, ReVanced API lacks error caching causing rate limit to be triggered thus increasing server load. This causes a denial of service for all users using the API. It is recommended to implement proper error caching.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/ReVanced/revanced-api/security/advisories/GHSA-852x-grxp-8p3q	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:revanced:revanced:*:*:*:*:*:*:*:*

History

04 Jan 2024, 16:16

Type	Values Removed	Values Added
CPE		cpe:2.3:a:revanced:revanced::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
First Time		Revanced revanced Revanced
References	~~() https://github.com/ReVanced/revanced-api/security/advisories/GHSA-852x-grxp-8p3q -~~	() https://github.com/ReVanced/revanced-api/security/advisories/GHSA-852x-grxp-8p3q - Vendor Advisory

27 Dec 2023, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-27 20:15

Updated : 2024-02-28 20:54

NVD link : CVE-2023-52075

Mitre link : CVE-2023-52075

CVE.ORG link : CVE-2023-52075

JSON object : View

Products Affected

revanced

revanced

CWE

CWE-755

Improper Handling of Exceptional Conditions

{"id": "CVE-2023-52075", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-12-27T20:15:19.300", "references": [{"url": "https://github.com/ReVanced/revanced-api/security/advisories/GHSA-852x-grxp-8p3q", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-755"}]}], "descriptions": [{"lang": "en", "value": "ReVanced API proxies requests needed to feed the ReVanced Manager and website with data. Up to and including commit 71f81f7f20cd26fd707335bca9838fa3e7df20d2, ReVanced API lacks error caching causing rate limit to be triggered thus increasing server load. This causes a denial of service for all users using the API. It is recommended to implement proper error caching.\n"}, {"lang": "es", "value": "Las solicitudes de proxy de API de ReVanced son necesarias para alimentar con datos al ReVanced Manage y al sitio web. Hasta el commit 71f81f7f20cd26fd707335bca9838fa3e7df20d2 incluida, la API ReVanced carece de almacenamiento en cach\u00e9 de errores, lo que provoca que se active el l\u00edmite de velocidad, lo que aumenta la carga del servidor. Esto provoca una denegaci\u00f3n de servicio para todos los usuarios que utilizan la API. Se recomienda implementar un almacenamiento en cach\u00e9 de errores adecuado."}], "lastModified": "2024-01-04T16:16:36.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:revanced:revanced:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EA2A9F8-C844-4F67-A698-3BA4374B6329", "versionEndIncluding": "2023-11-25"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}