PT-2023-20692 · Apache · Apache Sling Resource Merger

Alex Collignon

Publicado

2023-03-20

Atualizado

2023-03-29

CVE-2023-26513

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apache Sling Resource Merger versions 1.2.0 through 1.4.2

Description The issue is related to an Excessive Iteration vulnerability in the Apache Sling Resource Merger.

Recommendations For versions 1.2.0 through 1.4.2, update to version 1.4.2 or later to resolve the issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

CVE-2023-26513

GHSA-RWRX-X2HW-9H5W

Apache Sling Resource Merger