Description
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).
Remediation
References