CVE-2011-4462 plone

Package

Manager: pip
Name: plone
Vulnerable Version: >=0 <4.1.4

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00893 (percentile: 0.74706)

Details

Plone Denial of Service vulnerability

Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Metadata

Created: 2018-07-23T19:50:52Z
Modified: 2024-10-11T21:04:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-pcwm-8jc3-qxvj/GHSA-pcwm-8jc3-qxvj.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-pcwm-8jc3-qxvj
Finding: F184
Auto approve: 1