Vulnerabilities (CVE)

Filtered by vendor Apache Subscribe
Filtered by product Org.apache.sling.servlets.post
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-2254 1 Apache 2 Org.apache.sling.servlets.post, Sling 2023-12-10 5.0 MEDIUM N/A
The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java in org.apache.sling.servlets.post.bundle 2.2.0 and 2.3.0 in Apache Sling does not properly handle a NULL value that returned when the session does not have permissions to the root node, which allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.
CVE-2012-2138 1 Apache 2 Org.apache.sling.servlets.post, Sling 2023-12-10 5.0 MEDIUM N/A
The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.