{"id":"PYSEC-2014-38","details":"kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL.","aliases":["CVE-2012-5496","GHSA-gx6w-hcw3-5r37"],"modified":"2023-11-08T03:57:09.114193Z","published":"2014-09-30T14:55:00Z","references":[{"type":"WEB","url":"https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"},{"type":"WEB","url":"https://plone.org/products/plone-hotfix/releases/20121106"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/11/10/1"},{"type":"ADVISORY","url":"https://plone.org/products/plone/security/advisories/20121106/12"}],"affected":[{"package":{"name":"plone","ecosystem":"PyPI","purl":"pkg:pypi/plone"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.3.6"}]}],"versions":["3.2","3.2.1","3.2.2","3.2.3","3.2a1","3.2rc1","3.3","3.3.1","3.3.2","3.3.3","3.3.4","3.3.5","3.3b1","3.3rc1","3.3rc2","3.3rc3","3.3rc4","3.3rc5"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-38.yaml"}}],"schema_version":"1.7.3"}