Description
traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to "retrieving information for certain resources."
Remediation
References
Related Vulnerabilities
WordPress Plugin Slider Revolution Responsive Arbitrary File Upload (3.0.95)
Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33333)
Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7950)
WordPress Plugin Contest Gallery-Photo Contest for WordPress Security Bypass (13.1.0.6)