Sling / SLING-1308

Node.infinity.json contains risk for DOS.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: Servlets Get 2.0.8
    • Fix Version/s: Servlets Get 2.1.0
    • Component/s: Servlets
    • Labels:
      None

      Description

      As it is now, any user can do a node.infinity.json.
      If this happens on the root node in a repository with many items, it will cause the server to slow down (eventually crash?)
      I've created a patch confirming the discussion @ http://markmail.org/search/?q=node.infinity#query:node.infinity+page:1+mid:ugqjyqdz2trfpdkr+state:results

      1. jsonRenderer.diff
        17 kB
        Simon Gaeremynck
      2. jsonRenderer.diff
        19 kB
        Simon Gaeremynck
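
An added example, not the attached jsonRenderer.diff and not Sling's own code: one way to bound a recursive JSON dump is to charge every visited node against a budget and reject the request once the budget is spent, instead of rendering the whole subtree. The `Node` record, `MAX_NODES`, the exception type and the tree built in `main` are all assumptions constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
public class BoundedJsonDump {
    // Hypothetical stand-in for a repository node: a name plus child nodes.
    record Node(String name, List<Node> children) {}
    // Thrown when a dump would visit more nodes than the budget allows.
    static class TooManyNodesException extends RuntimeException {
        TooManyNodesException(int limit) { super("dump exceeds " + limit + " nodes; request a finite depth"); }
    }
    static final int MAX_NODES = 200; // assumed limit; a real deployment would make it configurable

    // Renders a node and its descendants. maxDepth < 0 means "infinity".
    // budget[0] is the number of nodes still allowed; it is charged before the node is rendered.
    // Names are constructed alphanumerics here, so no JSON escaping is done.
    static void dump(Node n, int maxDepth, int[] budget, StringBuilder out) {
        if (--budget[0] < 0) throw new TooManyNodesException(MAX_NODES);
        out.append("{\"name\":\"").append(n.name()).append('"');
        if (maxDepth != 0) {
            for (Node c : n.children()) {
                out.append(",\"").append(c.name()).append("\":");
                dump(c, maxDepth - 1, budget, out);
            }
        }
        out.append('}');
    }

    // Builds the whole response in memory first, so nothing is sent if the budget is exceeded.
    static String render(Node root, int maxDepth) {
        StringBuilder out = new StringBuilder();
        dump(root, maxDepth, new int[] {MAX_NODES}, out);
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed tree: a root with 50 children, each with 10 children (551 nodes in total).
        List<Node> level1 = new ArrayList<>();
        for (int i = 0; i < 50; i++) {
            List<Node> level2 = new ArrayList<>();
            for (int j = 0; j < 10; j++) level2.add(new Node("n" + i + "_" + j, List.of()));
            level1.add(new Node("n" + i, level2));
        }
        Node root = new Node("root", level1);
        System.out.println(render(root, 1).length() + " chars at depth 1"); // visits 51 nodes
        try {
            render(root, -1); // infinity: would visit all 551 nodes
        } catch (TooManyNodesException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the budget is charged per node rather than per depth level, it limits the work done for wide trees as well as deep ones.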


          People

          • Assignee:
            Ian Boston
            Reporter:
            Simon Gaeremynck