Apache Sling Resource Merger is vulnerable to Denial of Service (DoS). The vulnerability is due to faulty iteration logic in the function `getRelativePath` in `MergedResourceProvider`, triggering an infinite loop and consuming excessive CPU memory, possibly leading to a system crash.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | apache sling resource merger | le | 1.4.0 |