PYSEC-2023-113
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/products-cmfcore/PYSEC-2023-113.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2023-113
- Aliases
- Published
- 2023-07-03T17:15:00Z
- Modified
- 2023-11-01T05:02:28.461976Z
- Summary
- [none]
- Details
-
Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python's marshal module to handle unchecked input in a public method on
PortalFolderobjects can lead to an unauthenticated denial of service and crash situation. The code in question is exposed by all portal software built on top ofProducts.CMFCore, such as Plone. All deployments are vulnerable. The code has been fixed inProducts.CMFCoreversion 3.2. - References
Affected packages
PyPI / products-cmfcore
Package
- Name
- products-cmfcore
- View open source insights on deps.dev
- Purl
- pkg:pypi/products-cmfcore
Affected ranges
- Type
- GIT
- Repo
- https://github.com/zopefoundation/Products.CMFCore
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.2
Affected versions
2.*
2.1.1
2.1.2-beta
2.1.2
2.1.3
2.2.0-alpha
2.2.0-beta
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.10
2.2.11
2.2.12
2.2.13
2.3.0-beta
2.3.0-beta2
2.3.0
2.3.1
2.4.0b1
2.4.0b2
2.4.0b3
2.4.0b4
2.4.0b5
2.4.0b6
2.4.0b7
2.4.0b8
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4
2.6.0
2.7.0
3.*
3.0
3.1