CVERadar

CVE-2024-49363

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00073/1

CVE-2024-49363 is a denial-of-service vulnerability in Misskey, an open source federated social media platform. In versions 2024.10.1 and earlier, Misskey's FileServerService (media proxy) does not detect proxy loops, so a URL handed to the proxy may itself be a request to a media proxy. An attacker can craft a malicious note whose media URLs nest proxy requests, triggering unbounded recursion that yields a self-propagating, reflected and amplified DDoS and overwhelms the server until the original request times out. With an SVRS score of 30 the issue is not rated critical, but it still presents a risk, particularly if exploited in conjunction with other vulnerabilities. Users are advised to upgrade to version 2024.11.0-alpha.3 or to mitigate the issue through their reverse proxy configuration. The vulnerability is classified as CWE-405, Asymmetric Resource Consumption (Amplification), underscoring the potential for resource exhaustion and service disruption.
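As an added defensive illustration (not Misskey's own code or its actual fix), the check below walks the chain of nested proxy targets in a requested media URL and rejects the request when any hop points back at the instance's own proxy endpoint or when nesting exceeds a bound; the `/proxy/` path prefix, the `url` query parameter and the host names are assumptions, not Misskey's interface.

```python
from typing import Iterable, Optional
from urllib.parse import parse_qs, quote, urlparse

# Assumed proxy interface: GET <host>/proxy/<name>?url=<target>  (hypothetical)
PROXY_PATH = "/proxy/"


def proxy_target(url: str, proxy_path: str = PROXY_PATH) -> Optional[str]:
    """Return the URL that a proxy request would fetch, or None if `url`
    is not a proxy request at all (a plain media file, for example)."""
    parsed = urlparse(url)
    if not parsed.path.startswith(proxy_path):
        return None
    targets = parse_qs(parsed.query).get("url")
    return targets[0] if targets else None


def is_proxy_loop(target: str, own_hosts: Iterable[str],
                  proxy_path: str = PROXY_PATH, max_depth: int = 8) -> bool:
    """Decide whether serving `target` through our media proxy would recurse.

    Follows nested proxy targets hop by hop. A hop that lands on one of our
    own hosts' proxy endpoint is a direct or reflected loop; revisiting a URL
    is a cycle between third-party proxies; more than `max_depth` nested
    proxy hops is treated as amplification and rejected as well.
    """
    own = {h.lower() for h in own_hosts}
    seen = set()
    current = target
    for _ in range(max_depth + 1):
        inner = proxy_target(current, proxy_path)
        if inner is None:
            return False  # reached a leaf that is not a proxy request
        host = (urlparse(current).hostname or "").lower()
        if host in own:
            return True  # our own proxy is being asked to fetch itself
        if current in seen:
            return True  # cycle among other proxies
        seen.add(current)
        current = inner
    return True  # nesting deeper than max_depth


def nest_through_proxy(host: str, target: str) -> str:
    """Build a proxy request on `host` for `target` (helper for constructed samples)."""
    return f"https://{host}{PROXY_PATH}?url={quote(target, safe='')}"
```

A request whose target fails this check should be answered with an error before any outbound fetch is made, since the cost of the attack is the outbound recursion.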

In The Wild: 2024-12-18

2024-12-18

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-49363 | Misskey amplification (GHSA-gq5q-c77c-v236)
vuldb.com, 2025-02-17
CVE-2024-49363 | Misskey amplification (GHSA-gq5q-c77c-v236) | A vulnerability classified as problematic has been found in Misskey. This affects an unknown part. The manipulation leads to asymmetric resource consumption. This vulnerability is uniquely identified as CVE-2024-49363. It is possible to initiate the attack remotely. There is no exploit available.

Social Media

CVE-2024-49363 Misskey is an open source, federated social media platform. In affected versions FileServerService (media proxy) in https://t.co/L7uCMvfFcW 2024.10.1 or earlie… https://t.co/rZ7MT5jNwW

Affected Software

No affected software found for this CVE

References

Reference link: https://github.com/misskey-dev/misskey/security/advisories/GHSA-gq5q-c77c-v236

CWE Details

CWE-674 (Uncontrolled Recursion): The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.
CWE-405 (Asymmetric Resource Consumption (Amplification)): Software that does not appropriately monitor or control resource consumption can lead to adverse system performance.
