VYPR
High severityNVD Advisory· Published Jul 3, 2023· Updated Nov 22, 2024

zopefoundation's Products.CMFCore vulnerable to unauthenticated denial of service and crash via unchecked use of input with Python's marshal module

CVE-2023-36814

Description

Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python's marshal module to handle unchecked input in a public method on PortalFolder objects can lead to an unauthenticated denial of service and crash situation. The code in question is exposed by all portal software built on top of Products.CMFCore, such as Plone. All deployments are vulnerable. The code has been fixed in Products.CMFCore version 3.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Products.CMFCorePyPI
>= 3.0, < 3.23.2
Products.CMFCorePyPI
< 2.7.12.7.1

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.