2 matches found
be.orbinson.aem:aemaacs-opentelemetry-instrumentation.core (=1.2.0), biz.netcentric.cq.tools.accesscontroltool:accesscontroltool-bundle (>=1.2.8 <=4.2.1) +604 more potentially affected by CVE-2013-2254 via org.apache.sling:org.apache.sling.api (>=2.0.2-incubator <=2.3.0)
org.apache.sling:org.apache.sling.api MAVEN version =2.0.2-incubator, =1.2.8, =2.5.4, =3.0.0, =4.2.0, =1.0.0, =1.0.0, =0.1.1, =1.0.1, =3.1.1, =3.1.1, =0.0.1, =0.0.8 - com.adobe.aem.commons:assetshare.ui.apps =1.9.6 - com.adobe.aem.commons:assetshare.ui.content =1.9.6 and more Source cves:...
CVE-2013-2254
CVE-2013-2254 affects Apache Sling’s org.apache.sling.servlets.post.bundle in deepGetOrCreateNode (AbstractCreateOperation.java). The root cause is improper handling of a NULL value when the session lacks permissions to the root node, enabling remote denial of service via an infinite loop in Slin...