oss-sec mailing list archives

CVE-2023-26513: Apache Sling Resource Merger: Requests to certain paths managed by the Apache Sling Resource Merger can lead to DoS

From: Radu Cotescu <radu () apache org>
Date: Mon, 20 Mar 2023 12:11:45 +0000

Description:

Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger.This issue affects Apache 
Sling Resource Merger: from 1.2.0 before 1.4.2.

This issue is being tracked as SLING-11776 

Credit:

 Alex Collignon (reporter)

References:

https://sling.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-26513
https://issues.apache.org/jira/browse/SLING-11776

Current thread:

CVE-2023-26513: Apache Sling Resource Merger: Requests to certain paths managed by the Apache Sling Resource Merger can lead to DoS Radu Cotescu (Mar 20)