PYSEC-2011-22
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2011-22.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2011-22
- Aliases
-
- CVE-2011-4462
- GHSA-pcwm-8jc3-qxvj
- Published
- 2011-12-30T01:55:00Z
- Modified
- 2023-11-08T03:57:01.752099Z
- Summary
- [none]
- Details
-
Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
- References
-
- http://www.nruns.com/_downloads/advisory28122011.pdf
- http://www.kb.cert.org/vuls/id/903934
- http://www.ocert.org/advisories/ocert-2011-003.html
- http://secunia.com/advisories/47406
- http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72018
- https://github.com/advisories/GHSA-pcwm-8jc3-qxvj
Affected packages
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.1.4
Affected versions
3.*
3.2a1
3.2rc1
3.2
3.2.1
3.2.2
3.2.3
3.3b1
3.3rc1
3.3rc2
3.3rc3
3.3rc4
3.3rc5
3.3
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
4.*
4.0a1
4.0a2
4.0a3
4.0a4
4.0a5
4.0b1
4.0b2
4.0b3
4.0b4
4.0b5
4.0rc1
4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc2
4.1rc3
4.1
4.1.1
4.1.2
4.1.3