5 matches found
A vulnerability in plone.rest, the software for the RESTful API used to manage content in Plone CMS, involves uncontrolled resource consumption, which allows a hacker to cause a service failure.
The vulnerability in plone.rest, the software for the RESTful API used to manage content in Plone CMS, is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
PYSEC-2023-178
plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the ++api++ traverser is accidentally used multiple times in a URL, handling it takes increasingly longer, making the server less...
PYSEC-2023-178
plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the ++api++ traverser is accidentally used multiple times in a URL, handling it takes increasingly longer, making the server less...
Plone Security Vulnerability
Plone is an open source content management system (CMS) built on the Zope application server. A security vulnerability exists in plone.rest versions 2.0.0 and 3.0.0, which stems from a denial of service (DoS) when a traverser is used multiple times in a URL, which can make the processing time longer...
PT-2023-6514 · Unknown · Plone.Rest
Name of the Vulnerable Software and Affected Versions: plone.rest versions 2.0.0 through 2.0.1; plone.rest versions 3.0.0 through 3.0.1. Description: The issue is related to the ++api++ traverser in plone.rest, which allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. When...