PYSEC-2017-57

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-57.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2017-57

Aliases

CVE-2016-4043
GHSA-6h8x-73fx-q2h9

Published

2017-02-24T20:59:00Z

Modified

2023-11-01T04:46:57.290770Z

Summary

[none]

Details

Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.

References

https://plone.org/security/hotfix/20160419/bypass-restricted-python
http://www.openwall.com/lists/oss-security/2016/04/20/3

Affected packages

PyPI / plone

Package

Name: plone; View open source insights on deps.dev
Purl: pkg:pypi/plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0rc1

Fixed

5.1a2

Affected versions

5.*

5.0rc1

5.0rc2

5.0rc3

5.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.0.9

5.0.10

5.1a1

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-57.yaml"