zopefoundation's Products.CMFCore vulnerable to unauthenticated denial of service and crash via unchecked use of input with Python's marshal module
CVE-2023-36814
7.5HIGH
What is CVE-2023-36814?
A denial of service vulnerability exists in the Zope Content Management Framework (CMF) due to the improper handling of unchecked input in the Python marshal module within the PortalFolder objects. This security weakness allows unauthenticated users to exploit the public method, potentially causing application crashes across all portal software utilizing the vulnerable Products.CMFCore. This affects all deployments relying on version 3.2 and earlier of the framework. The issue has been resolved in the recent update of Products.CMFCore.
Affected Version(s)
Products.CMFCore < 3.2
