GHSA-8w48-m6hx-rjw2

Suggest an improvement
Source
https://github.com/advisories/GHSA-8w48-m6hx-rjw2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8w48-m6hx-rjw2/GHSA-8w48-m6hx-rjw2.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-8w48-m6hx-rjw2
Aliases
  • CVE-2011-3587
Published
2022-05-17T05:37:39Z
Modified
2024-12-03T05:26:28.676704Z
Summary
Zope Command Execution Vulnerability
Details

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.

Database specific
{
    "nvd_published_at": "2011-10-10T10:55:00Z",
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-15T18:14:23Z"
}
References

Affected packages

PyPI / zope2

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.12.0
Fixed
2.12.20

Affected versions

2.*

2.12.0
2.12.1
2.12.2
2.12.3
2.12.4
2.12.5
2.12.6
2.12.7
2.12.8
2.12.9
2.12.10
2.12.11
2.12.12
2.12.13
2.12.14
2.12.15
2.12.16
2.12.17
2.12.18
2.12.19

PyPI / zope2

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.13.0
Fixed
2.13.10

Affected versions

2.*

2.13.0
2.13.1
2.13.2
2.13.3
2.13.4
2.13.5
2.13.6
2.13.7
2.13.8
2.13.9