Description
In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface, causing a null pointer dereference in all subsequent operations that require authentication. This triggers a denial of service and a service restart failure.
References (1)
Core References
Exploit, Third Party Advisory
https://github.com/peccc/restful_vul/blob/main/mall_tiny_dos/mall_tiny_dos.md
Scores
CVSS v3: 6.5
EPSS: 0.0021
EPSS Percentile: 43.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-476
Status: published
Products (1): macrozheng/mall-tiny 1.0.1
Published: Jan 31, 2025
Tracked Since: Feb 18, 2026