Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python's marshal module to handle unchecked input in a public method on `PortalFolder` objects can lead to an unauthenticated denial of service and crash situation. The code in question is exposed by all portal software built on top of `Products.CMFCore`, such as Plone. All deployments are vulnerable. The code has been fixed in `Products.CMFCore` version 3.2.
History

Fri, 22 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-07-03T16:48:36.149Z

Updated: 2024-11-22T16:42:47.644Z

Reserved: 2023-06-27T15:43:18.383Z

Link: CVE-2023-36814

cve-icon Vulnrichment

Updated: 2024-08-02T17:01:09.673Z

cve-icon NVD

Status : Modified

Published: 2023-07-03T17:15:09.393

Modified: 2024-11-21T08:10:39.240

Link: CVE-2023-36814

cve-icon Redhat

No data.