GoogleOSV:GHSA-H6RP-MPRM-XGCQplone.rest vulnerable to Denial of Service when ++api++ is used many times
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
41.4%
Impact
When the ++api++ traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less responsive.
Patches
Patches will be released in plone.rest 2.0.1 and 3.0.1. Series 1.x is not affected.
Workarounds
In your frontend web server (nginx, Apache) you can redirect /++api++/++api++ to /++api++.
References
www.openwall.com/lists/oss-security/2023/09/22/2
github.com/plone/plone.rest
github.com/plone/plone.rest/commit/43b4a7e86206e237e1de5ca3817ed071575882f7
github.com/plone/plone.rest/commit/77846a9842889b24f35e8bedc2e9d461388d3302
github.com/plone/plone.rest/security/advisories/GHSA-h6rp-mprm-xgcq
github.com/pypa/advisory-database/tree/main/vulns/plone-rest/PYSEC-2023-178.yaml
nvd.nist.gov/vuln/detail/CVE-2023-42457
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
41.4%