Products.CMFCore unauthenticated denial of service and crash via unchecked use of input with Python's marshal module
High severity
GitHub Reviewed
Published
Jul 3, 2023
in
zopefoundation/Products.CMFCore
•
Updated Oct 14, 2024
Description
Published by the National Vulnerability Database
Jul 3, 2023
Published to the GitHub Advisory Database
Jul 5, 2023
Reviewed
Jul 5, 2023
Last updated
Oct 14, 2024
Impact
The use of Python's marshal module to handle unchecked input in a public method on
PortalFolderobjects can lead to an unauthenticated denial of service and crash situation. The code in question is exposed by all portal software built on top ofProducts.CMFCore, such as Plone. All deployments are vulnerable.Patches
The code has been fixed in
Products.CMFCoreversion 3.2.Workarounds
Users can make the affected
decodeFolderFiltermethod unreachable by editing thePortalFolder.pymodule inProducts.CMFCoreby hand and then restarting Zope. Go to line 233 ofPortalFolder.pyand remove both the@security.publicdecorator fordecodeFolderFilteras well as the method's entire docstring. This is safe because the method is not actually used by current code.References
Credits
Thanks go to Nicolas VERDIER from onepoint.
For more information
If you have any questions or comments about this advisory:
References