Improper Input Validation
CVE-2013-4199
Summary
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1, in Zope before 2.12.28 and 2.13.x before 2.13.21 and in plone.app.linkintegrity up to 1.5.2 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).
- MEDIUM
- NETWORK
- SINGLE
- NONE
- NONE
- PARTIAL
CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
References
Advisory Timeline
- Published