PYSEC-2020-90

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2020-90.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2020-90

Aliases

Published

2020-01-23T21:15:00Z

Modified

2023-11-01T04:53:40.551410Z

Summary

[none]

Details

A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.

References

Affected packages

PyPI / plone

Package

Name: plone; View open source insights on deps.dev
Purl: pkg:pypi/plone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3

Fixed

5.2.2

Affected versions

4.*

4.3

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.3.6

4.3.7

4.3.8

4.3.9

4.3.10

4.3.11

4.3.12

4.3.13

4.3.14

4.3.15

4.3.16

4.3.17

4.3.18

4.3.19

4.3.20

5.*

5.0a1

5.0a2

5.0a3

5.0b1

5.0b2

5.0b3

5.0b4

5.0rc1

5.0rc2

5.0rc3

5.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.0.9

5.0.10

5.1a1

5.1a2

5.1b1

5.1b2

5.1b3

5.1b4

5.1rc1

5.1rc2

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.1.5

5.1.6

5.1.7

5.2a1

5.2a2

5.2b1

5.2rc1

5.2rc2

5.2rc3

5.2rc4

5.2rc5

5.2.0

5.2.1

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2020-90.yaml"