Description

A Denial of Service (DoS) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles during the processing of SVG files, resulting in unbounded resource consumption and system-wide denial of service.

Related CPE's

a

evershop

evershop

*

*

*

*

*

node.js

Vulnerable

References

https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2025-67419

Third Party Advisory

https://github.com/evershopcommerce/evershop

Product

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-1050

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 · High

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2026-01-05T20:16:03.223Z

1 week ago

Last modified

2026-01-12T18:12:10.180Z

6 hours ago