CVE-2023-42457: plone.rest vulnerable to Denial of Service when ++api++ is used many times
When the ++api++ traverser is accidentally used multiple times in a URL, handling the request takes increasingly longer with each repetition, making the server less responsive.
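As an added illustration (not plone.rest's own code, and not the upstream fix, whose details this advisory does not give), the following Python applies one check in two defender-side ways: it flags access-log entries whose request path contains more than one ++api++ segment, and it wraps a WSGI application so that such requests are rejected with 400 before they reach an unpatched site. The log lines, addresses and paths are constructed; the class and function names are hypothetical.

```python
"""Detect and block requests that repeat the ++api++ traverser.

Added example for CVE-2023-42457. This is not plone.rest code and does not
reproduce the upstream fix; it is a generic edge-side check.
"""
import re
from urllib.parse import unquote

API_SEGMENT = "++api++"

# Common/combined access-log layout (constructed format for this example).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)


def count_api_segments(request_target: str) -> int:
    """Count path segments that are exactly ++api++.

    The query string is dropped before decoding so that an encoded '?'
    (%3F) inside the path is not mistaken for a separator, and the path is
    percent-decoded so that %2B%2Bapi%2B%2B counts the same as ++api++.
    '+' is a literal character in a path (it only means space in a query).
    """
    path_only = request_target.split("?", 1)[0]
    decoded = unquote(path_only)
    return sum(1 for seg in decoded.split("/") if seg == API_SEGMENT)


def is_repeated_api(request_target: str) -> bool:
    """True when ++api++ appears more than once in the path."""
    return count_api_segments(request_target) > 1


def flag_log_lines(lines):
    """Return (ip, path, count) for each log line with a repeated ++api++."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        n = count_api_segments(m.group("path"))
        if n > 1:
            hits.append((m.group("ip"), m.group("path"), n))
    return hits


class RejectRepeatedApiTraverser:
    """WSGI middleware (hypothetical) that answers 400 when ++api++ repeats."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # PATH_INFO is already percent-decoded by the WSGI server; running
        # unquote again is harmless for this check.
        if is_repeated_api(environ.get("PATH_INFO", "")):
            body = b"Bad Request: repeated ++api++ traverser\n"
            start_response("400 Bad Request", [
                ("Content-Type", "text/plain"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        return self.app(environ, start_response)


def probe_status(path: str) -> str:
    """Send one synthetic request through the middleware; return the status."""
    def inner_app(environ, start_response):
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]

    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    app = RejectRepeatedApiTraverser(inner_app)
    list(app({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, start_response))
    return captured["status"]


# Constructed sample log lines (addresses from documentation ranges).
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Sep/2023:10:00:01 +0000] "GET /Plone/++api++/news HTTP/1.1" 200 512',
    '203.0.113.7 - - [28/Sep/2023:10:00:02 +0000] "GET /Plone/++api++/++api++/++api++/news HTTP/1.1" 200 512',
    '198.51.100.9 - - [28/Sep/2023:10:00:03 +0000] "GET /Plone/%2B%2Bapi%2B%2B/%2B%2Bapi%2B%2B/ HTTP/1.1" 200 0',
    '198.51.100.2 - - [28/Sep/2023:10:00:04 +0000] "GET /Plone/++api++/search?path=++api++/++api++ HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for ip, path, n in flag_log_lines(SAMPLE_LOG):
        print(f"{ip} repeated ++api++ {n} times: {path}")
    print(probe_status("/Plone/++api++/++api++/news"))
```

The middleware treats more than one ++api++ segment as malformed, which matches the advisory's description of the repeated form as accidental; whether patched plone.rest versions accept or reject such URLs is not stated here. The log check is the same predicate applied after the fact, so the two stay consistent: anything the middleware would block is what a hunt over older logs would surface.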
References
- github.com/advisories/GHSA-h6rp-mprm-xgcq
- github.com/plone/plone.rest
- github.com/plone/plone.rest/commit/43b4a7e86206e237e1de5ca3817ed071575882f7
- github.com/plone/plone.rest/commit/77846a9842889b24f35e8bedc2e9d461388d3302
- github.com/plone/plone.rest/security/advisories/GHSA-h6rp-mprm-xgcq
- github.com/pypa/advisory-database/tree/main/vulns/plone-rest/PYSEC-2023-178.yaml
- nvd.nist.gov/vuln/detail/CVE-2023-42457