Description

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access.

Remediation

References

CVE-2012-5506

Related Vulnerabilities

WordPress Plugin Related Posts by Zemanta Cross-Site Request Forgery (1.3.1)

Roundcube Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-6172)

Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-23969)

WordPress 4.3.x Same Origin Method Execution (SOME) Vulnerability (4.3 - 4.3.3)

Django Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-6188)

Severity

Medium

Classification

CVE-2012-5506

Tags

Missing Update Known Vulnerabilities