Опубликовано: 17 мая 2022
Источник: github
Github: Прошло ревью
CVSS4: 6.9
CVSS3: 5.3
Описание
Plone Information Disclosure
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2012-5491
- https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-33.yaml
- https://plone.org/products/plone-hotfix/releases/20121106
- https://plone.org/products/plone/security/advisories/20121106/07
- http://www.openwall.com/lists/oss-security/2012/11/10/1
Пакеты
Наименование
Plone
pip
Затронутые версииВерсия исправления
< 4.2.3
4.2.3
Наименование
Plone
pip
Затронутые версииВерсия исправления
>= 4.3a0, < 4.3b1
4.3b1
Связанные уязвимости
redhat
больше 13 лет назад
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.
nvd
больше 11 лет назад
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.