CVE-2021-33509

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-33509

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33509.json

Aliases

GHSA-hm2p-fhwx-9285
PYSEC-2021-81

Published

2021-05-21T22:15:08Z

Modified

2023-11-29T08:55:20.197449Z

Details

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.

References

https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script
http://www.openwall.com/lists/oss-security/2021/05/22/1

Affected packages

Git / github.com/plone/plone

Affected ranges

Type: GIT
Repo: https://github.com/plone/plone
Events: Introduced

0The exact introduced commit is unknown

Last affected

d5b50de9c17faac5051d06141bd12cd3e40af8e8

Affected versions

4.*

4.1.0

4.1a1

4.1a2

4.1a3

4.1b1

4.1b2

4.1rc1

4.1rc2

4.1rc3

4.2a1

4.2a2

4.2b1

4.2b2

4.2rc1

4.3

4.3.1

4.3a1

4.3a2

4.3b1

4.3b2

5.*

5.0

5.0.1

5.0.2

5.0a2

5.0a3

5.0b1

5.0b3

5.0b4

5.0rc1

5.0rc2

5.0rc3

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.1a1

5.1a2

5.1b1

5.1b2

5.1b3

5.1b4

5.1rc1

5.1rc2

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

5.2a1

5.2a2

5.2b1

5.2rc1

5.2rc2

5.2rc3

5.2rc4

5.2rc5