CVE-2025-67419

High CVSS: 7.5

A Denial of Service (DoS) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles during the processing of SVG files, resulting in unbounded resource consumption and system-wide denial of service.

Vendor

Evershop

Product

Evershop

CWE

CWE-1050

Yayın Tarihi

2026-01-05 20:16:03

Güncelleme

2026-01-12 18:12:10

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-1050 Evershop HIGH Evershop 2026

Referanslar

https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2025-67419 https://github.com/evershopcommerce/evershop

Benzer Kayıtlar

Critical

CVE-2026-28213

EverShop is a TypeScript-first eCommerce platform. Versions prior to 2.1.1 have a vulnerability in the "Forgot Password"…

Critical

CVE-2026-25993

EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application e…

Medium

CVE-2025-67427

A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to…

High

CVE-2025-65844

EverShop 2.0.1 allows a remote unauthenticated attacker to upload arbitrary files and create directories via the /api/im…

Medium

CVE-2025-12919

A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graph…