Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function add_review/save_review/get_all_reviews of the file review_app.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local approach. The exploit has been made public and could be used.
Analysis (AI)
Denial of service conditions in SourceCodester Customer Review App 1.0 can be triggered by a locally authenticated low-privilege user through crafted input to the add_review, save_review, or get_all_reviews functions in review_app.py. Manipulation of the name or comment arguments causes improper resource shutdown or release (CWE-404), resulting in application unavailability. …
Attack Chain (AI-derived): hypothetical attack flow derived from CVE metadata.
Vulnerability Assessment (AI)

| Aspect | Assessment |
|---|---|
| Exploitation | The attacker must have local, authenticated access to the system running Customer Review App 1.0 with at least low operating system privileges (PR:L per CVSS vector). … |
| Risk Assessment | The CVSS 3.1 base score of 3.3 (Low) reflects the constrained real-world impact: the attack vector is Local (AV:L), so the attacker must already have a presence on the host; privileges required are Low (PR:L), meaning at minimum a standard user account is needed; and the impact is limited to Availability at a Low level (C:N/I:N/A:L), with no confidentiality or integrity consequence. … |
| Exploit Scenario | A locally authenticated user with standard (low-privilege) OS access invokes the review application and supplies a crafted value, such as an oversized string or a null byte, to the name or comment parameter of the add_review or save_review function. The application fails to properly close or release the underlying resource, causing the process to crash or hang and leaving the review functionality unavailable until it is manually restarted. … |
| Remediation | No vendor-released patch had been identified at the time of analysis; the CPE version field remains a wildcard, with no fixed-version record in the NVD or VulDB data. … |
Related identifiers: EUVD-2026-33835, GHSA-rwpc-73j7-c566