PYSEC-2014-55
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-55.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2014-55
- Aliases
-
- CVE-2013-4191
- GHSA-grwx-4p5v-9g2g
- Published
- 2014-03-11T19:37:00Z
- Modified
- 2023-11-01T04:45:09.676673Z
- Summary
- [none]
- Details
-
zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive.
- References
Affected packages
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced2.1Fixed4.1.1Introduced4.2Fixed4.2.6Introduced4.3Fixed4.3.2
Affected versions
3.*
3.2a1
3.2rc1
3.2
3.2.1
3.2.2
3.2.3
3.3b1
3.3rc1
3.3rc2
3.3rc3
3.3rc4
3.3rc5
3.3
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
4.*
4.0a1
4.0a2
4.0a3
4.0a4
4.0a5
4.0b1
4.0b2
4.0b3
4.0b4
4.0b5
4.0rc1
4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc2
4.1rc3
4.1
4.2
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.3
4.3.1