PYSEC-2014-67

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/products-cmfplone/PYSEC-2014-67.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2014-67

Aliases

CVE-2013-7060
GHSA-rg52-j87w-pf83
PYSEC-2014-65

Published

2014-05-02T14:55:00Z

Modified

2023-11-01T04:45:20.319264Z

Summary

[none]

Details

Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.

References

https://plone.org/security/20131210/path-leak
http://www.openwall.com/lists/oss-security/2013/12/10/15
http://www.openwall.com/lists/oss-security/2013/12/12/3

Affected packages

PyPI / products-cmfplone

Package

Name: products-cmfplone; View open source insights on deps.dev
Purl: pkg:pypi/products-cmfplone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.3

Fixed

4.3.3

Affected versions

4.*

4.0b1

4.1a1

4.1a2

4.1a3

4.1b1

4.1b2

4.1rc2

4.1rc3

4.1

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.2a1

4.2a2

4.2b1

4.2b2

4.2rc1

4.2rc2

4.2

4.2.0.1

4.2.1

4.2.1.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.3a1

4.3a2

4.3b1

4.3b2

4.3rc1

4.3

4.3.1

4.3.2