CVE-2023-36814

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-36814

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-36814.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-36814

Aliases

Published

2023-07-03T17:15:09Z

Modified

2024-10-12T10:59:27.822668Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python's marshal module to handle unchecked input in a public method on PortalFolder objects can lead to an unauthenticated denial of service and crash situation. The code in question is exposed by all portal software built on top of Products.CMFCore, such as Plone. All deployments are vulnerable. The code has been fixed in Products.CMFCore version 3.2.

References

Affected packages

Git / github.com/zopefoundation/products.cmfcore

Affected ranges

Type: GIT
Repo: https://github.com/zopefoundation/products.cmfcore
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

40f03f43a60f28ca9485c8ef429efef729be54e5

Affected versions

2.*

2.4.0

2.4.0b1

2.4.0b3

2.4.0b4

2.4.0b5

2.4.0b6

2.4.0b7

2.4.0b8

2.4.2

2.4.3

2.4.4

2.4.5

2.4.6

2.4.7

2.4.8

2.5.0

2.5.1

2.5.2

2.5.3

2.5.4

2.6.0

2.7.0

3.*

3.0

3.1