Description
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).
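The defensive pattern for this class of bug is to decompress incrementally against a hard output budget rather than expanding the whole payload in one call. The following is an added example, not Plone's patch and not code from this advisory; it assumes the untrusted input is a zlib stream, and the 1 MiB budget and all names are illustrative assumptions.

```python
import zlib

MAX_OUTPUT = 1 << 20   # assumed budget: 1 MiB of decompressed data per request
CHUNK = 64 * 1024      # inflate in small steps so memory stays bounded


class DecompressionLimitExceeded(ValueError):
    """Raised when a stream would expand past the configured budget."""


def bounded_decompress(data: bytes, limit: int = MAX_OUTPUT) -> bytes:
    """Inflate a zlib stream, refusing to produce more than `limit` bytes."""
    d = zlib.decompressobj()
    out = bytearray()
    buf = data
    while not d.eof:
        # Request at most one byte past the remaining budget: enough to
        # detect an overrun without ever buffering the full expansion.
        room = limit - len(out) + 1
        chunk = d.decompress(buf, min(CHUNK, room))
        out += chunk
        if len(out) > limit:
            raise DecompressionLimitExceeded(
                f"output exceeds {limit} bytes after reading "
                f"{len(data) - len(d.unconsumed_tail)} of {len(data)} input bytes")
        buf = d.unconsumed_tail
        if not chunk and not buf:
            break  # no progress possible: input ended before the stream did
    if not d.eof:
        raise ValueError("truncated zlib stream")
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: 8 MiB of zeros compresses to a few kilobytes.
    bomb = zlib.compress(b"\0" * (8 << 20), 9)
    print("compressed size:", len(bomb))
    try:
        bounded_decompress(bomb)
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
```
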
Remediation
References