GHSA-97rj-p794-wq6m
Suggest an improvement- Source
- https://github.com/advisories/GHSA-97rj-p794-wq6m
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-97rj-p794-wq6m/GHSA-97rj-p794-wq6m.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-97rj-p794-wq6m
- Aliases
-
- CVE-2012-5498
- PYSEC-2014-40
- Published
- 2022-05-17T04:01:59Z
- Modified
- 2024-10-14T21:45:51.921637Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Plone denial of service via Caching Bypass
- Details
-
queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.
- Database specific
{ "nvd_published_at": "2014-09-30T14:55:00Z", "cwe_ids": [ "CWE-400" ], "severity": "HIGH", "github_reviewed_at": "2023-08-29T20:40:42Z", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2012-5498
- https://access.redhat.com/errata/RHSA-2014:1194
- https://access.redhat.com/security/cve/CVE-2012-5498
- https://bugzilla.redhat.com/show_bug.cgi?id=874665
- https://github.com/plone/Plone
- https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-40.yaml
- https://plone.org/products/plone-hotfix/releases/20121106
- https://plone.org/products/plone/security/advisories/20121106/14
- https://web.archive.org/web/20130528001715/https://plone.org/products/plone-hotfix/releases/20121106
- https://web.archive.org/web/20131103191705/https://plone.org/products/plone/security/advisories/20121106/14
- http://rhn.redhat.com/errata/RHSA-2014-1194.html
- http://www.openwall.com/lists/oss-security/2012/11/09/7
- http://www.openwall.com/lists/oss-security/2012/11/10/1
Affected packages
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.2.3
Affected versions
3.*
3.2a1
3.2rc1
3.2
3.2.1
3.2.2
3.2.3
3.3b1
3.3rc1
3.3rc2
3.3rc3
3.3rc4
3.3rc5
3.3
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
4.*
4.0a1
4.0a2
4.0a3
4.0a4
4.0a5
4.0b1
4.0b2
4.0b3
4.0b4
4.0b5
4.0rc1
4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc2
4.1rc3
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.2a1
4.2a2
4.2b1
4.2b2
4.2rc1
4.2rc2
4.2
4.2.1
4.2.2
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone