Lucene search

GitHub Advisory DatabaseGHSA-25JH-5H5R-H33M

HistoryMay 17, 2022 - 4:32 a.m.

Plone Sandbox Bypass

2022-05-1704:32:23

CWE-94

CWE-693

GitHub Advisory Database

github.com

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

71.2%

JSON

gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.

Affected configurations

Vulners

Node

ploneploneRange<4.3b1

ploneploneRange<4.2.3

CPENameOperatorVersion
plonelt4.3b1
plonelt4.2.3

CPE	Name	Operator	Version
	plone	lt	4.3b1
	plone	lt	4.2.3

References

www.openwall.com/lists/oss-security/2012/11/10/1

github.com/advisories/GHSA-25jh-5h5r-h33m

github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt

nvd.nist.gov/vuln/detail/CVE-2012-5493

plone.org/products/plone-hotfix/releases/20121106

plone.org/products/plone/security/advisories/20121106/09

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

71.2%

JSON

Related for GHSA-25JH-5H5R-H33M