ReportizFlow
Filtered by vendor Apache
Subscriptions
Filtered by product Org.apache.sling.servlets.post
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-2254 | 1 Apache | 2 Org.apache.sling.servlets.post, Sling | 2024-11-21 | N/A |
| The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java in org.apache.sling.servlets.post.bundle 2.2.0 and 2.3.0 in Apache Sling does not properly handle a NULL value that returned when the session does not have permissions to the root node, which allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors. | ||||
| CVE-2012-2138 | 1 Apache | 2 Org.apache.sling.servlets.post, Sling | 2024-11-21 | N/A |
| The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request. | ||||
Page 1 of 1.