2 matches found
@plone/volto vulnerable to potential DoS by invoking specific URL by anonymous user
Impact When visiting a specific URL, an anonymous user could cause the NodeJS server part of Volto to quit with an error. Patches The problem has been patched and the patch has been backported to Volto major versions down until 16. It is advised to upgrade to the latest patch release of your...
PT-2025-40309
Name of the Vulnerable Software and Affected Versions Volto versions 16.34.0 through 16.34.1 Volto versions 17.0.0 through 17.22.1 Volto versions 18.0.0 through 18.27.1 Volto versions 19.0.0-alpha.1 through 19.0.0-alpha.5 Description An anonymous user can cause the NodeJS server part of Volto to...