CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
37.7%
The use of Python’s marshal module to handle unchecked input in a public method on PortalFolder
objects can lead to an unauthenticated denial of service and crash situation. The code in question is exposed by all portal software built on top of Products.CMFCore
, such as Plone. All deployments are vulnerable.
The code has been fixed in Products.CMFCore
version 3.2.
Users can make the affected decodeFolderFilter
method unreachable by editing the PortalFolder.py
module in Products.CMFCore
by hand and then restarting Zope. Go to line 233 of PortalFolder.py
and remove both the @security.public
decorator for decodeFolderFilter
as well as the method’s entire docstring. This is safe because the method is not actually used by current code.
Thanks go to Nicolas VERDIER from onepoint.
If you have any questions or comments about this advisory:
Vendor | Product | Version | CPE |
---|---|---|---|
zope | products.cmfcore | * | cpe:2.3:a:zope:products.cmfcore:*:*:*:*:*:*:*:* |
github.com/advisories/GHSA-4hpj-8rhv-9x87
github.com/pypa/advisory-database/tree/main/vulns/products-cmfcore/PYSEC-2023-113.yaml
github.com/zopefoundation/Products.CMFCore/commit/40f03f43a60f28ca9485c8ef429efef729be54e5
github.com/zopefoundation/Products.CMFCore/commit/c1847a9042abe7965271fa73762dfe091b576de
github.com/zopefoundation/Products.CMFCore/security/advisories/GHSA-4hpj-8rhv-9x87
nvd.nist.gov/vuln/detail/CVE-2023-36814