{"id":"CVE-2022-37034","details":"In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests.","modified":"2026-04-10T04:49:48.720522Z","published":"2023-02-01T23:15:09.337Z","references":[{"type":"ADVISORY","url":"https://www.dotcms.com/security/SI-65"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dotcms/core","events":[{"introduced":"0"},{"fixed":"42b7b5d96dc181f72e7182e5e6b1f9889c13f093"},{"introduced":"01031f2babd0dee6b4360656206e1f5015deef2e"},{"fixed":"11042a81859b31ac599335a6649b2d6fb616d52b"},{"introduced":"cd47f803452f1ec7a122f499bba63591e601f283"},{"fixed":"48f1f38a195794dc0e7c40136aa319c1a13f7c5f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"21.06.12"},{"introduced":"5.2.0"},{"fixed":"22.10"},{"introduced":"22.03"},{"fixed":"22.03.4"}]}}],"versions":["3.0","3.5","3.5_Preview01","3.5_Preview02","3.6.0","pre3.5buildrevert","v21.06","v21.06.1","v21.06.10","v21.06.3","v21.06.4","v21.06.5","v21.06.6","v21.06.7","v21.06.8","v22.03","v22.03.1","v22.03.2","v22.03.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37034.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}