Moderate severity · NVD Advisory · Published Jul 9, 2012 · Updated Jun 16, 2026
CVE-2012-2138
Description
The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.sling:org.apache.sling.servlets.post (Maven) | < 2.1.2 | 2.1.2 |
Affected products
- cpe:2.3:a:apache:org.apache.sling.servlets.post:*:*:*:*:*:*:*:* (Range: <=2.1.0)
References
- github.com/advisories/GHSA-342c-f869-5m44 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2012-2138 (ghsa, ADVISORY)
- mail-archives.apache.org/mod_mbox/www-announce/201207.mbox/%3CCAEWfVJ=PwoQmwJg0KmbrC17Gw51kgfKRsqgy=4RpMQsdGh0bVg@mail.gmail.com%3E (ghsa, WEB)
- svn.apache.org/viewvc (nvd, WEB)
- github.com/apache/sling-org-apache-sling-servlets-post/commit/0205892908d6ea755645be5fc16e9df53e2e7261 (ghsa, WEB)
- issues.apache.org/jira/browse/SLING-2517 (nvd, WEB)
- mail-archives.apache.org/mod_mbox/www-announce/201207.mbox/%3CCAEWfVJ=PwoQmwJg0KmbrC17Gw51kgfKRsqgy=4RpMQsdGh0bVg%40mail.gmail.com%3E (nvd)