—

PYSEC-2014-52

Details

traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to "retrieving information for certain resources."

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / plone

Introduced in: 2.1 Fixed in: 4.1.1

Fix pip install --upgrade 'plone>=4.1.1'

References

https://bugzilla.redhat.com/show_bug.cgi?id=978449 [REPORT]
http://plone.org/products/plone-hotfix/releases/20130618 [WEB]
http://plone.org/products/plone/security/advisories/20130618-announcement [ADVISORY]
http://seclists.org/oss-sec/2013/q3/261 [WEB]