Calendar name length not validated before writing to database
Package
Server
(Nextcloud)
Affected versions
< 23.0.10, < 24.0.5
Patched versions
23.0.10, 24.0.5
Server
(Nextcloud Enterprise)
< 23.0.10, < 24.0.5
23.0.10, 24.0.5
Impact
An attacker can send unnecessary amount of data against the database
Patches
It is recommended that the Nextcloud Server is upgraded to 23.0.10 or 24.0.5
It is recommended that the Nextcloud Enterprise Server is upgraded to 23.0.10 or 24.0.5
Workarounds
No workaround available
References
For more information
If you have any questions or comments about this advisory: