Plone Denial of Service vulnerability
Moderate severity
GitHub Reviewed
Published
Jul 23, 2018
to the GitHub Advisory Database
•
Updated Sep 29, 2023
Description
Published to the GitHub Advisory Database
Jul 23, 2018
Reviewed
Jun 16, 2020
Last updated
Sep 29, 2023
Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
References