Description
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).
Remediation
References
Related Vulnerabilities
Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2006-20001)
SugarCRM Other Vulnerability (CVE-2006-6712)
Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-7852)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-7853)