CVE-2013-4188: Plone Authenticated Denial of Service vulnerability

May 17, 2022 (updated October 15, 2024)

traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to “retrieving information for certain resources.”

References

bugzilla.redhat.com/show_bug.cgi?id=978449
github.com/advisories/GHSA-w3pw-qxjj-6prr
github.com/plone/Plone
github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-52.yaml
nvd.nist.gov/vuln/detail/CVE-2013-4188

Code Behaviors & Features

Detect and mitigate CVE-2013-4188 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →