Kenneth Lavrsen

**Name of the Vulnerable Software and Affected Versions** TWiki versions 20010901 through 20040904 TWiki version 4.0 TWiki version 4.0.1 **Description** The issue allows remote authenticated users with edit rights to cause a denial of service. This is achieved through INCLUDE by URL statements that form a loop, such as a page that includes itself, leading to infinite recursion and consumption of CPU and memory. **Recommendations** For TWiki versions 20010901 through 20040904, consider restricting the use of INCLUDE by URL statements to prevent loops. For TWiki version 4.0, avoid using self-including pages to minimize the risk of exploitation. For TWiki version 4.0.1, restrict access to edit rights to minimize the potential for denial of service attacks.