GHSA-p5wr-vp8g-q5p4

Source
https://github.com/advisories/GHSA-p5wr-vp8g-q5p4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-p5wr-vp8g-q5p4/GHSA-p5wr-vp8g-q5p4.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-p5wr-vp8g-q5p4
Aliases
Published
2018-07-12T14:45:15Z
Modified
2024-10-18T21:45:49.465259Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
Plone Sandbox Escape
Details

Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-134"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:48:01Z"
}
References

Affected packages

PyPI / plone

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0
Fixed
4.3.12

Affected versions

4.*

4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc2
4.1rc3
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.2a1
4.2a2
4.2b1
4.2b2
4.2rc1
4.2rc2
4.2
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.3a1
4.3a2
4.3b1
4.3b2
4.3rc1
4.3
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.9
4.3.10
4.3.11

PyPI / plone

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.1a1
Fixed
5.1b1

Affected versions

5.*

5.1a1
5.1a2

Database specific

{
    "last_known_affected_version_range": "<= 5.1a2"
}

PyPI / plone

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.0rc1
Fixed
5.0.7

Affected versions

5.*

5.0rc1
5.0rc2
5.0rc3
5.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6