
4 matches found

OSV
added 2023/09/21 3:15 p.m. · 0 views

PYSEC-2023-178

plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the ++api++ traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less...

CVSS 7.5 · AI score 5.9 · EPSS 0.00171
Exploits 0 · References 4
PyPA
added 2023/09/21 3:15 p.m. · 5 views

PYSEC-2023-178

plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the ++api++ traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less...

CVSS 7.5 · AI score 6.7 · EPSS 0.00171
Exploits 0 · References 5 · Affected Software 1
CNNVD
added 2023/09/21 12:0 a.m. · 1 views

Plone Security Vulnerability

Plone is an open source content management system (CMS) built on the Zope application server. A security vulnerability exists in plone.rest versions 2.0.0 and 3.0.0, which stems from a denial of service (DoS) when a traverser is used multiple times in a URL, which can make the processing time longer...

CVSS 7.5 · AI score 6.7 · EPSS 0.00171
Exploits 0 · References 5
Positive Technologies
added 2023/09/21 12:0 a.m. · 3 views

PT-2023-6514 · Unknown · Plone.Rest

Name of the Vulnerable Software and Affected Versions: plone.rest versions 2.0.0 through 2.0.1; plone.rest versions 3.0.0 through 3.0.1

Description: The issue is related to the ++api++ traverser in plone.rest, which allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. When...

CVSS 7.8 · AI score 7.2 · EPSS 0.00171
Exploits 0 · References 15