Description
A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function add_review/save_review/get_all_reviews of the file review_app.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local approach. The exploit has been made public and could be used.
Published: 2026-06-01
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in SourceCodester Customer Review App 1.0, specifically in the review_app.py module. Manipulating the name or comment arguments passed to the add_review, save_review, or get_all_reviews functions causes a denial of service by crashing the application. The flaw is classified as CWE-404 (Improper Resource Shutdown or Release), meaning resources are not released correctly, so repeated requests can exhaust them.

Affected Systems

Affected systems are installations of SourceCodester Customer Review App version 1.0. No additional version details are disclosed, and the product is identified by the corresponding CPE record for this application.

Risk and Exploitability

The CVSS score of 4.8 signifies a moderate impact, and the very low EPSS score (below 1%) together with absence from the CISA KEV catalog suggest no high probability of widespread exploitation. Because the attack requires a local approach, only users with local access or already compromised hosts can trigger the denial of service. Organizations should evaluate whether local users or staff could abuse this flaw and treat it as a moderate risk to service availability.

Generated by OpenCVE AI on June 1, 2026 at 23:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor's patch or upgrade to a version that corrects the handling of the name and comment arguments in the review module.
  • If an official fix is not yet released, restrict or disable the add_review, save_review, and get_all_reviews endpoints for unauthenticated users, or enforce strict access control so only trusted administrators can access them.
  • Implement rate limiting and input validation on the review submission and retrieval routes to prevent repeated fault triggers, and monitor application logs for abnormal request patterns.

Generated by OpenCVE AI on June 1, 2026 at 23:52 UTC.

Tracking


Advisories

No advisories yet.

History

Mon, 01 Jun 2026 22:30:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function add_review/save_review/get_all_reviews of the file review_app.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local approach. The exploit has been made public and could be used.
Title | | SourceCodester Customer Review App review_app.py get_all_reviews denial of service
First Time appeared | | Sourcecodester; Sourcecodester customer Review App
Weaknesses | | CWE-404
CPEs | | cpe:2.3:a:sourcecodester:customer_review_app:*:*:*:*:*:*:*:*
Vendors & Products | | Sourcecodester; Sourcecodester customer Review App
References | |
Metrics | | cvssV2_0, cvssV3_0, cvssV3_1, cvssV4_0 (values below)

cvssV2_0: {'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0: {'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV3_1: {'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV4_0: {'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-01T21:45:15.763Z

Reserved: 2026-05-31T17:58:04.358Z

Link: CVE-2026-10295

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-06-01T23:16:18.377

Modified: 2026-06-02T13:03:31.153

Link: CVE-2026-10295

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T00:00:14Z

Weaknesses