PYSEC-2007-4

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2007-4.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2007-4
Aliases
Published
2007-11-07T21:46:00Z
Modified
2024-11-25T22:42:36.352429Z
Summary
[none]
Details

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.

References

Affected packages

PyPI / plone

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.5
Fixed
2.5.5

PyPI / plone

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0
Fixed
3.0.3