Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python's marshal module to handle unchecked input in a public method on `PortalFolder` objects can lead to an unauthenticated denial of service and crash situation. The code in question is exposed by all portal software built on top of `Products.CMFCore`, such as Plone. All deployments are vulnerable. The code has been fixed in `Products.CMFCore` version 3.2.
References
Link | Resource |
---|---|
https://github.com/zopefoundation/Products.CMFCore/commit/40f03f43a60f28ca9485c8ef429efef729be54e5 | Mitigation Patch Vendor Advisory |
https://github.com/zopefoundation/Products.CMFCore/security/advisories/GHSA-4hpj-8rhv-9x87 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-07-03T16:48:36.149Z
Updated: 2023-07-03T16:50:21.234Z
Reserved: 2023-06-27T15:43:18.383Z
Link: CVE-2023-36814
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-07-03T17:15:09.393
Modified: 2023-07-17T18:56:57.120
Link: CVE-2023-36814
JSON object: View
Redhat Information
No data.
CWE