5 matches found
plone-app-z3cform (>=4.0.0a1 <=4.0.0a10) potentially affected by CVE-2020-7941 via plone-app-contenttypes (=2.2.2)
plone-app-contenttypes PYPI version =2.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on plone-app-contenttypes and may be impacted: - plone-app-z3cform =4.0.0a1, =4.0.0a10 Source cves: CVE-2020-7941 Source advisory: OSV:GHSA-W6G9-XCCC-347H...
CVE-2020-7941
A privilege escalation flaw was found in plone in versions 4.3 through 5.2.1. Users are allowed to PUT overwrite some content without needing write permissions. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2020-7941
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT overwrite some content without needing write permission...
CVE-2020-7941
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT overwrite some content without needing write permission...
CVE-2020-7941
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT overwrite some content without needing write permission...