plone.app.contenttypes is vulnerable to authorization bypass. The vulnerability exists as a user might be able to use a PUT request to overwrite content without requiring the write permission.
CPE | Name | Operator | Version |
---|---|---|---|
plone.app.contenttypes | le | 1.4.16 | |
plone.app.contenttypes | le | 2.1.5 |