Description
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).
Remediation
References
Related Vulnerabilities
WordPress Plugin Fast Image Adder Arbitrary File Upload (1.1)
Python Other Vulnerability (CVE-2006-1542)
MySQL CVE-2020-2577 Vulnerability (CVE-2020-2577)
WordPress Plugin WordPress Email Template Designer-WP HTML Mail HTML Injection (2.9.0.3)
PHP Use of Externally-Controlled Format String Vulnerability (CVE-2010-2094)