GHSA-hf26-vvmx-x8c8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-hf26-vvmx-x8c8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hf26-vvmx-x8c8/GHSA-hf26-vvmx-x8c8.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-hf26-vvmx-x8c8
- Aliases
-
- CVE-2007-5741
- PYSEC-2007-4
- Published
- 2022-05-01T18:36:14Z
- Modified
- 2024-11-26T16:50:13Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Plone Arbitrary Code Execution via Unsafe Handling of Pickles
- Details
-
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
- Database specific
{ "nvd_published_at": "2007-11-07T21:46:00Z", "cwe_ids": [ "CWE-94" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2023-09-22T21:57:47Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2007-5741
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38288
- https://github.com/plone/Plone
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2007-4.yaml
- https://web.archive.org/web/20080507055819/https://plone.org/about/security/advisories/cve-2007-5741
- https://web.archive.org/web/20080517012557/http://www.securityfocus.com/bid/26354
- https://web.archive.org/web/20080906150436/http://www.securityfocus.com/archive/1/483343/100/0/threaded
- http://plone.org/about/security/advisories/cve-2007-5741
- http://www.debian.org/security/2007/dsa-1405
Affected packages
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone