Description
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).