Apache Sling POST Servlets Denial of Service Vulnerability

The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service infinite loop via a crafted HTTP request...

GHSA-342C-F869-5M44 Apache Sling POST Servlets Denial of Service Vulnerability

The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service infinite loop via a crafted HTTP request...

com.activecq.tools.quickimage:core (=1.0.0), com.adobe.aem:aem-sdk-api (=2020.6.3800.20200626T210738Z-200604) +38 more potentially affected by CVE-2016-0956 via org.apache.sling:org.apache.sling.servlets.post (>=2.0.4-incubator <=2.3.4)

org.apache.sling:org.apache.sling.servlets.post MAVEN version =2.0.4-incubator, =5.13.0, =5.5.0, =5.6.2, =5.5.0, =5.5.74, =1.0.0, =2.1.1, =2.5.0, =2.4.0, =2.5.0, =4.3.5 and more Source cves: CVE-2016-0956 Source advisory: OSV:GHSA-M27M-628V-XXP2...