(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).
Max CVSS
3.5
EPSS Score
2.25%
Published
2014-03-11
Updated
2014-03-12
traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to "retrieving information for certain resources."
Max CVSS
4.3
EPSS Score
0.87%
Published
2014-03-11
Updated
2014-03-12
2 vulnerabilities found