
exploitDog


CVE-2012-5488

Published: 06 Nov 2012
Source: redhat
CVSS2: 4.6

Description

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

It was discovered that Plone, included as a part of luci, did not properly protect the privilege of running RestrictedPython scripts. A remote attacker could use a specially crafted URL that, when processed, would allow the attacker to submit and perform expensive computations or, in conjunction with other attacks, be able to access or alter privileged information.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | conga | Affected | | |
| Red Hat Enterprise Linux 5 | conga | Fixed | RHSA-2014:1194 | 16.09.2014 |


Additional information

Status: Low
Defect: CWE-95
https://bugzilla.redhat.com/show_bug.cgi?id=878945 (Plone): Restricted Python injection

4.6 Medium

CVSS2

Related vulnerabilities

nvd
almost 11 years ago

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

CVSS3: 9.8
github
more than 3 years ago

Plone Code Injection vulnerability

oracle-oval
almost 11 years ago

ELSA-2014-1194: conga security and bug fix update (MODERATE)
