How severe is CVE-2023-37900?

This vulnerability has a severity rating of LOW with a CVSS score of 2.7 out of 10.

What type of vulnerability is CVE-2023-37900?

This is classified as CWE-400, which is a common weakness in software security.

CVE-2023-37900 - LOW Severity | CVSS 2.7

Vulnerability Description

Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, a high-privileged user could create a Package referencing an arbitrarily large image containing that Crossplane would then parse, possibly resulting in exhausting all the available memory and therefore in the container being OOMKilled. The impact is limited due to the high privileges required to be able to create the Package and the eventually consistency nature of controller. This issue is fixed in versions 1.11.5, 1.12.3, and 1.13.0.

Related Vulnerabilities

CVE-2021-21296

LOW

CVSS:2.7(Low)

Fleet is an open source osquery manager. In Fleet before version 3.7.0 a malicious actor with a valid node key can send a badly formatted request that causes the Fleet server to exit, resulting in den...

CWE-4002021

CVE-2022-41969

LOW

CVSS:2.7(Low)

Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator ca...

CWE-4002022

CVE-2023-28440

LOW

CVSS:2.7(Low)

Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout...

CWE-4002023

CVE-2024-23824

LOW

CVSS:2.7(Low)

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in t...

CWE-4002024

CVE-2025-30681

LOW

CVSS:2.7(Low)

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulne...

CWE-4002025

CVE-2025-3985

MEDIUM

CVSS:2.7(Low)

A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\...

CWE-4002025