Cyber Posture

CVE-2024-54730

High

Published: 14 January 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0004 (11.2th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

Flatnotes <v5.3.1 is vulnerable to denial of service through the upload image function.

Security Summary

CVE-2024-54730 is a denial-of-service vulnerability in Flatnotes versions prior to 5.3.1, specifically exploitable through the upload image function. This issue, linked to CWE-400 (Uncontrolled Resource Consumption), carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its high severity due to significant availability impact with no effects on confidentiality or integrity.

A remote attacker requires no authentication or privileges and can exploit the vulnerability over the network with low complexity and no user interaction. Successful exploitation results in a denial of service, potentially disrupting the Flatnotes web server.

Mitigation involves upgrading to Flatnotes version 5.3.1 or later. Further details on the vulnerability and remediation are documented in the GitHub issue at https://github.com/dullage/flatnotes/issues/259 and the CVE advisory at https://github.com/Startr4ck/CVE_lists/blob/main/flatnotes/flatnotes%20webserver%20dos.md.

Details

CWE(s)
CWE-400

References