Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-2254 | 1 Apache | 2 Org.apache.sling.servlets.post, Sling | 2024-11-21 | 5.0 MEDIUM | N/A |
The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java in org.apache.sling.servlets.post.bundle 2.2.0 and 2.3.0 in Apache Sling does not properly handle a NULL value that returned when the session does not have permissions to the root node, which allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors. | |||||
CVE-2012-2138 | 1 Apache | 2 Org.apache.sling.servlets.post, Sling | 2024-11-21 | 5.0 MEDIUM | N/A |
The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request. |