VYPR

CWE-248

Uncaught Exception

BaseDraft

Description

An exception is thrown from a function, but it is not caught.

When an exception is not caught, it may cause the program to crash or expose sensitive information.

Hierarchy (View 1000)

Children

CVEs mapped to this weakness (125)

page 7 of 7
  • CVE-2021-25971Oct 20, 2021
    risk 0.00cvss epss 0.01

    In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted .svg file

  • CVE-2021-22964Oct 14, 2021
    risk 0.00cvss epss 0.01

    A redirect vulnerability in the `fastify-static` module version >= 4.2.4 and < 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed by a domain: `http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e`.A DOS…

  • CVE-2021-37714Aug 18, 2021
    risk 0.00cvss epss 0.07

    jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop…

  • CVE-2021-23900Jan 13, 2021
    risk 0.00cvss epss 0.02

    OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.

  • CVE-2017-18871Jun 19, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service (application crash) via an @ character before a JavaScript field name.