GHSA-xfjq-9rxq-ph6m
Suggest an improvement- Source
- https://github.com/advisories/GHSA-xfjq-9rxq-ph6m
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xfjq-9rxq-ph6m/GHSA-xfjq-9rxq-ph6m.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-xfjq-9rxq-ph6m
- Aliases
-
- CVE-2013-4199
- PYSEC-2014-63
- Published
- 2022-05-17T04:49:45Z
- Modified
- 2024-10-17T21:22:18.712114Z
- Severity
-
- 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- 2.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Plone Denial of Service vulnerability via decompressing large zip archives
- Details
-
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).
- Database specific
{ "nvd_published_at": "2014-03-11T19:37:00Z", "severity": "LOW", "cwe_ids": [ "CWE-400" ], "github_reviewed": true, "github_reviewed_at": "2023-08-29T18:25:40Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2013-4199
- https://bugzilla.redhat.com/show_bug.cgi?id=978482
- https://github.com/plone/Plone
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-63.yaml
- http://plone.org/products/plone-hotfix/releases/20130618
- http://plone.org/products/plone/security/advisories/20130618-announcement
- http://seclists.org/oss-sec/2013/q3/261
Affected packages
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
Affected versions
3.*
3.2a1
3.2rc1
3.2
3.2.1
3.2.2
3.2.3
3.3b1
3.3rc1
3.3rc2
3.3rc3
3.3rc4
3.3rc5
3.3
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
4.*
4.0a1
4.0a2
4.0a3
4.0a4
4.0a5
4.0b1
4.0b2
4.0b3
4.0b4
4.0b5
4.0rc1
4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc2
4.1rc3
4.1