org.apache.sling:org.apache.sling.servlets.post@2.3.4 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.sling:org.apache.sling.servlets.post package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable version

Severity: M
Cross-site Scripting (XSS)

org.apache.sling:org.apache.sling.servlets.post is a framework for RESTful web applications based on an extensible content tree. Affected versions of this package are vulnerable to Cross-site Scripting (XSS).

How to fix Cross-site Scripting (XSS)?

Upgrade org.apache.sling:org.apache.sling.servlets.post to version 2.3.23 or higher.

Vulnerable version: [,2.3.23)

Severity: H
Information Exposure

org.apache.sling:org.apache.sling.servlets.post is a framework for RESTful web applications based on an extensible content tree.

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.

Vulnerable version: [2.1.2,2.3.8)

Severity: M
Denial of Service (DoS)

org.apache.sling:org.apache.sling.servlets.post is a framework for RESTful web applications based on an extensible content tree.

Affected versions of this package are vulnerable to Denial of Service (DoS). The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java does not properly handle the NULL value that is returned when the session does not have permission to access the root node, which allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.

How to fix Denial of Service (DoS)?

Upgrade org.apache.sling:org.apache.sling.servlets.post to version 2.3.24 or higher.

Vulnerable version: [2.2.0,2.3.24)