[SLING-1308] Node.infinity.json contains risk for DOS. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: Servlets Get 2.0.8
Fix Version/s: Servlets Get 2.1.0
Component/s: Servlets
Labels:
None

Description

As it is now any user can do a node.infinity.json .
If this happens on the root node in a repository with many items, it will cause the server to slow down (eventually crash?)
I've created a patch confirming the discussion @ http://markmail.org/search/?q=node.infinity#query:node.infinity+page:1+mid:ugqjyqdz2trfpdkr+state:results

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

jsonRenderer.diff
21/Jan/10 00:26
17 kB
Simon Gaeremynck
jsonRenderer.diff
21/Jan/10 17:15
19 kB
Simon Gaeremynck

Activity

People

Assignee:: Ian Boston

Reporter:: Simon Gaeremynck

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 21/Jan/10 00:25

Updated:: 22/Feb/13 12:20

Resolved:: 22/Feb/13 12:20