GHSA-p5wr-vp8g-q5p4
Suggest an improvement- Source
- https://github.com/advisories/GHSA-p5wr-vp8g-q5p4
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-p5wr-vp8g-q5p4/GHSA-p5wr-vp8g-q5p4.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-p5wr-vp8g-q5p4
- Aliases
- Published
- 2018-07-12T14:45:15Z
- Modified
- 2024-10-18T21:45:49.465259Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Plone Sandbox Escape
- Details
-
Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-134" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:48:01Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2017-5524
- https://github.com/plone/Products.CMFPlone/pull/1912
- https://github.com/plone/Products.CMFPlone/commit/a7d47692058e10ce89968e7ca4dacbdf44fcad4f
- https://github.com/advisories/GHSA-p5wr-vp8g-q5p4
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-81.yaml
- https://plone.org/security/hotfix/20170117/sandbox-escape
- http://www.openwall.com/lists/oss-security/2017/01/18/6
- http://www.securityfocus.com/bid/95679
Affected packages
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
Affected versions
4.*
4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc2
4.1rc3
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.2a1
4.2a2
4.2b1
4.2b2
4.2rc1
4.2rc2
4.2
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.3a1
4.3a2
4.3b1
4.3b2
4.3rc1
4.3
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.9
4.3.10
4.3.11
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone