PYSEC-2014-47

2014-09-3014:55:00

Google

osv.dev

0.004 Low

EPSS

Percentile

72.2%

JSON

atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.

CPENameOperatorVersion
ploneeq3.2a1
ploneeq4.1
ploneeq3.3.4
ploneeq3.3.3
ploneeq4.0b3
ploneeq4.0a5
ploneeq3.3b1
ploneeq4.0.6
ploneeq3.3.5
ploneeq4.1.5

Name	Operator	Version
plone	eq	3.2a1
plone	eq	4.1
plone	eq	3.3.4
plone	eq	3.3.3
plone	eq	4.0b3
plone	eq	4.0a5
plone	eq	3.3b1
plone	eq	4.0.6
plone	eq	3.3.5
plone	eq	4.1.5

Rows per page:

1-10 of 661

References

www.openwall.com/lists/oss-security/2012/11/10/1

github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt

plone.org/products/plone-hotfix/releases/20121106

plone.org/products/plone/security/advisories/20121106/21

0.004 Low

EPSS

Percentile

72.2%

JSON

Related for OSV:PYSEC-2014-47