CVE-2022-37034

Name of the Vulnerable Software and Affected Versions dotCMS versions 5.x through 22.06

Description The issue allows an attacker to call the TempResource multiple times, requesting the dotCMS server to download a large file each time. If done repeatedly, this will result in Tomcat request-thread exhaustion, ultimately leading to a denial of any other requests.

Recommendations For dotCMS versions 5.x through 22.06, consider restricting access to the TempResource to minimize the risk of exploitation, as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.