CVE-2026-53653 in Gravinformación

Resumen

por MITRE • 2026-07-10

Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request parameters to ImageMedium magic actions without a dimension or pixel ceiling. This issue is fixed in versions 1.7.53 and 2.0.0-rc.8.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsable

GitHub M

Reservar

2026-06-09

Divulgación

2026-07-10

Moderación

aceptado

Artículo

VDB-377540

CPE

listo

EPSS

0.00000

KEV

no

Actividades

muy bajo

Fuentes

Want to stay up to date on a daily basis?

Enable the mail alert feature now!