Sling / SLING-1308

Node.infinity.json contains risk for DOS.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: Servlets Get 2.0.8
    • Fix Version/s: Servlets Get 2.1.0
    • Component/s: Servlets
    • Labels:
      None

      Description

      As it is now, any user can do a node.infinity.json.
      If this happens on the root node in a repository with many items, it will cause the server to slow down (eventually crash?).
      I've created a patch confirming the discussion @ http://markmail.org/search/?q=node.infinity#query:node.infinity+page:1+mid:ugqjyqdz2trfpdkr+state:results

        Attachments

        1. jsonRenderer.diff (19 kB, Simon Gaeremynck)
        2. jsonRenderer.diff (17 kB, Simon Gaeremynck)

            People

            • Assignee:
              ianeboston Ian Boston
              Reporter:
              gaeremyncks Simon Gaeremynck