Impact
The /api/v0/pastes endpoint in anna‑is‑cute paste v0.1.1 permits attackers to trigger a denial of service when sending a specially crafted POST request. The weakness causes the application to consume excessive resources, preventing legitimate users from accessing the service. The vulnerability is identified with CWE-400, indicating an uncontrolled resource consumption flaw. The impact is limited to service availability; there is no direct compromise of confidentiality or integrity reported.
Affected Systems
The vulnerability affects the anna‑is‑cute paste application version 0.1.1. No other versions are listed, and the vendor/product information is limited to the application itself.
Risk and Exploitability
With a CVSS score of 7.5, the flaw is considered high severity. The EPSS score is below 1 percent, indicating a low probability of exploitation in the wild. The vulnerability is not listed in CISA KEV, suggesting that no widespread, documented exploits are known. Based on the description, the most likely attack vector involves a remote attacker sending a crafted HTTP POST request to the /api/v0/pastes endpoint, which triggers resource exhaustion. The exploit requires no special privileges or authentication, making it relatively easy for an attacker to attempt. Consequently, while exploitation risk is low, organizations should treat it as high severity due to the potential disruption of service.
OpenCVE Enrichment