Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python's marshal module to handle unchecked input in a public method on `PortalFolder` objects can lead to an unauthenticated denial of service and crash situation. The code in question is exposed by all portal software built on top of `Products.CMFCore`, such as Plone. All deployments are vulnerable. The code has been fixed in `Products.CMFCore` version 3.2.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-07-03T16:48:36.149Z
Updated: 2024-11-22T16:42:47.644Z
Reserved: 2023-06-27T15:43:18.383Z
Link: CVE-2023-36814
Vulnrichment
Updated: 2024-08-02T17:01:09.673Z
NVD
Status : Modified
Published: 2023-07-03T17:15:09.393
Modified: 2024-11-21T08:10:39.240
Link: CVE-2023-36814
Redhat
No data.