CVE-2025-49000

Low CVSS: 3.5

InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in `label-sheet` plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a denial-of-service via memory exhaustion. the issue is fixed in versions 0.17.13 and higher. No workaround is available aside from upgrading to the patched version.

Vendor

Inventree Project

Product

Inventree

CWE

CWE-400

Yayın Tarihi

2025-06-03 21:15:22

Güncelleme

2025-12-17 15:10:49

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-400 Inventree LOW Inventree Project 2025

Referanslar

https://github.com/inventree/InvenTree/commit/0826a75ef6dde0ad96d680f52a9cf171ba2ce98b https://github.com/inventree/InvenTree/releases/tag/0.17.13 https://github.com/inventree/InvenTree/security/advisories/GHSA-m2ch-h84r-p9r6

Benzer Kayıtlar

High

CVE-2026-33530

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, certain API endpoints associated with b…

Medium

CVE-2026-33531

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, a path traversal vulnerability in the r…

Medium

CVE-2026-27629

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be h…