[jira] Created: (SLING-1308) Node.infinity.json contains risk for DOS.

Simon Gaeremynck (JIRA) Wed, 20 Jan 2010 16:27:28 -0800

Node.infinity.json contains risk for DOS.
-----------------------------------------


                 Key: SLING-1308
                 URL: https://issues.apache.org/jira/browse/SLING-1308
             Project: Sling
          Issue Type: Bug
          Components: Servlets
    Affects Versions: Servlets Get 2.0.8
            Reporter: Simon Gaeremynck
            Priority: Critical
         Attachments: jsonRenderer.diff

As it is now any user can do a node.infinity.json .
If this happens on the root node in a repository with many items, it will cause 
the server to slow down (eventually crash?)
I've created a patch confirming the discussion @ 
http://markmail.org/search/?q=node.infinity#query:node.infinity+page:1+mid:ugqjyqdz2trfpdkr+state:results

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Created: (SLING-1308) Node.infinity.json contains risk for DOS.

Reply via email to