GHSA-w3pw-qxjj-6prr

Source

https://github.com/advisories/GHSA-w3pw-qxjj-6prr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w3pw-qxjj-6prr/GHSA-w3pw-qxjj-6prr.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-w3pw-qxjj-6prr

Aliases

CVE-2013-4188
PYSEC-2014-52

Published

2022-05-17T04:49:49Z

Modified

2024-10-15T17:24:27.044658Z

Severity

4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
5.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

Plone Authenticated Denial of Service vulnerability

Details

traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to "retrieving information for certain resources."

Database specific

{
    "nvd_published_at": "2014-03-11T19:37:00Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-400"
    ],
    "github_reviewed_at": "2023-08-29T18:27:23Z"
}

References

Affected packages

PyPI / plone

Package

Name: plone; View open source insights on deps.dev
Purl: pkg:pypi/plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3

Fixed

4.3.2

Affected versions

4.*

4.3

4.3.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w3pw-qxjj-6prr/GHSA-w3pw-qxjj-6prr.json"

PyPI / plone

Package

Name: plone; View open source insights on deps.dev
Purl: pkg:pypi/plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.2

Fixed

4.2.6

Affected versions

4.*

4.2

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w3pw-qxjj-6prr/GHSA-w3pw-qxjj-6prr.json"

PyPI / plone

Package

Name: plone; View open source insights on deps.dev
Purl: pkg:pypi/plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1

Fixed

4.1.1

Affected versions

3.*

3.2a1

3.2rc1

3.2

3.2.1

3.2.2

3.2.3

3.3b1

3.3rc1

3.3rc2

3.3rc3

3.3rc4

3.3rc5

3.3

3.3.1

3.3.2

3.3.3

3.3.4

3.3.5

3.3.6

4.*

4.0a1

4.0a2

4.0a3

4.0a4

4.0a5

4.0b1

4.0b2

4.0b3

4.0b4

4.0b5

4.0rc1

4.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.0.10

4.1a1

4.1a2

4.1a3

4.1b1

4.1b2

4.1rc2

4.1rc3

4.1

Database specific

last_known_affected_version_range

"<= 4.1"

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w3pw-qxjj-6prr/GHSA-w3pw-qxjj-6prr.json"