You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Carsten Ziegeler (JIRA)" <ji...@apache.org> on 2010/12/21 09:48:02 UTC
[jira] Updated: (SLING-1308) Node.infinity.json contains risk for
DOS.
[ https://issues.apache.org/jira/browse/SLING-1308?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carsten Ziegeler updated SLING-1308:
------------------------------------
Fix Version/s: Servlets Get 2.1.0
This has been released with 2.1.0
> Node.infinity.json contains risk for DOS.
> -----------------------------------------
>
> Key: SLING-1308
> URL: https://issues.apache.org/jira/browse/SLING-1308
> Project: Sling
> Issue Type: Bug
> Components: Servlets
> Affects Versions: Servlets Get 2.0.8
> Reporter: Simon Gaeremynck
> Assignee: Ian Boston
> Priority: Critical
> Fix For: Servlets Get 2.1.0
>
> Attachments: jsonRenderer.diff, jsonRenderer.diff
>
>
> As it is now any user can do a node.infinity.json .
> If this happens on the root node in a repository with many items, it will cause the server to slow down (eventually crash?)
> I've created a patch confirming the discussion @ http://markmail.org/search/?q=node.infinity#query:node.infinity+page:1+mid:ugqjyqdz2trfpdkr+state:results
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.