Published: 17 May 2022
Source: github
Github: Reviewed
CVSS4: 6.5
CVSS3: 9.9
Description
Plone Sandbox Bypass
gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.
References
- https://nvd.nist.gov/vuln/detail/CVE-2012-5493
- https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-35.yaml
- https://plone.org/products/plone-hotfix/releases/20121106
- https://plone.org/products/plone/security/advisories/20121106/09
- http://www.openwall.com/lists/oss-security/2012/11/10/1
Packages
Name: Plone (pip)
Affected versions: < 4.2.3
Fixed version: 4.2.3
Name: Plone (pip)
Affected versions: >= 4.3a0, < 4.3b1
Fixed version: 4.3b1
EPSS
Percentile: 65%
0.00492
Low
CVSS4: 6.5 Medium
CVSS3: 9.9 Critical
CVE ID
Weaknesses
CWE-693
CWE-94
Related vulnerabilities
redhat
about 13 years ago
gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.
nvd
about 11 years ago
gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.