Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Volto affected by possible DoS by invoking specific URL by anonymous user
Vulnerability Description
Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. The problem has been patched in versions 16.34.0, 17.22.1, 18.24.0, and 19.0.0-alpha.4. To mitigate downtime, have setup automatically restart processes that quit with an error.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
对异常条件的处理不恰当
Vulnerability Title
Volto 安全漏洞
Vulnerability Description
Volto是Plone Foundation开源的一个内容管理系统。 Volto 19.0.0-alpha.4和18.24.0之前版本存在安全漏洞,该漏洞源于匿名用户访问特定URL可能导致NodeJS服务器退出。
CVSS Information
N/A
Vulnerability Type
N/A