GHSA-grwx-4p5v-9g2g
Suggest an improvement- Source
- https://github.com/advisories/GHSA-grwx-4p5v-9g2g
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-grwx-4p5v-9g2g/GHSA-grwx-4p5v-9g2g.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-grwx-4p5v-9g2g
- Aliases
-
- CVE-2013-4191
- PYSEC-2014-55
- Published
- 2022-05-17T04:49:45Z
- Modified
- 2024-10-15T17:33:21.297601Z
- Severity
-
- 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- 6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Plone is vulnerable to Information Exposure when generating zip archives
- Details
-
zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive.
- Database specific
{ "nvd_published_at": "2014-03-11T19:37:00Z", "severity": "MODERATE", "github_reviewed_at": "2023-08-29T18:27:18Z", "github_reviewed": true, "cwe_ids": [ "CWE-200" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2013-4191
- https://bugzilla.redhat.com/show_bug.cgi?id=978453
- https://github.com/plone/Plone
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-55.yaml
- http://plone.org/products/plone-hotfix/releases/20130618
- http://plone.org/products/plone/security/advisories/20130618-announcement
- http://seclists.org/oss-sec/2013/q3/261
Affected packages
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
Affected versions
3.*
3.2a1
3.2rc1
3.2
3.2.1
3.2.2
3.2.3
3.3b1
3.3rc1
3.3rc2
3.3rc3
3.3rc4
3.3rc5
3.3
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
4.*
4.0a1
4.0a2
4.0a3
4.0a4
4.0a5
4.0b1
4.0b2
4.0b3
4.0b4
4.0b5
4.0rc1
4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc2
4.1rc3
4.1
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone