CVE-2023-26513: Apache Sling Resource Merger: Requests to certain paths managed by the Apache Sling Resource Merger can lead to DoS
First published: Mon Mar 20 2023(Updated: )
Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger.This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Sling Resource Merger | >=1.2.0<1.4.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this excessive iteration vulnerability?
The vulnerability ID is CVE-2023-26513.
Which software is affected by this vulnerability?
The Apache Sling Resource Merger software is affected by this vulnerability.
What is the severity rating for this vulnerability?
The severity rating for this vulnerability is high.
How can I fix this vulnerability?
To fix this vulnerability, update Apache Sling Resource Merger to version 1.4.2 or later.
What is the Common Weakness Enumeration (CWE) ID associated with this vulnerability?
The Common Weakness Enumeration (CWE) ID associated with this vulnerability is CWE-834.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/title
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/tags
- agent/source
- vendor/apache
- canonical/apache sling resource merger
- version/apache sling resource merger/1.2.0