GHSA-hm2p-fhwx-9285
Suggest an improvement- Source
- https://github.com/advisories/GHSA-hm2p-fhwx-9285
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-hm2p-fhwx-9285/GHSA-hm2p-fhwx-9285.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-hm2p-fhwx-9285
- Aliases
- Published
- 2021-06-15T16:11:38Z
- Modified
- 2024-10-18T22:02:05.982491Z
- Severity
-
- 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- 9.4 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSS Calculator
- Summary
- Incorrect Permission Assignment for Critical Resource in Plone
- Details
-
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
- Database specific
{ "nvd_published_at": "2021-05-21T22:15:00Z", "severity": "CRITICAL", "github_reviewed_at": "2021-05-27T21:32:19Z", "github_reviewed": true, "cwe_ids": [ "CWE-732" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-33509
- https://github.com/advisories/GHSA-hm2p-fhwx-9285
- https://github.com/plone/Plone
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-81.yaml
- https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script
- http://www.openwall.com/lists/oss-security/2021/05/22/1
Affected packages
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.2.5
Affected versions
3.*
3.2a1
3.2rc1
3.2
3.2.1
3.2.2
3.2.3
3.3b1
3.3rc1
3.3rc2
3.3rc3
3.3rc4
3.3rc5
3.3
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
4.*
4.0a1
4.0a2
4.0a3
4.0a4
4.0a5
4.0b1
4.0b2
4.0b3
4.0b4
4.0b5
4.0rc1
4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc2
4.1rc3
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.2a1
4.2a2
4.2b1
4.2b2
4.2rc1
4.2rc2
4.2
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.3a1
4.3a2
4.3b1
4.3b2
4.3rc1
4.3
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.9
4.3.10
4.3.11
4.3.12
4.3.13
4.3.14
4.3.15
4.3.16
4.3.17
4.3.18
4.3.19
4.3.20
5.*
5.0a1
5.0a2
5.0a3
5.0b1
5.0b2
5.0b3
5.0b4
5.0rc1
5.0rc2
5.0rc3
5.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
5.0.10
5.1a1
5.1a2
5.1b1
5.1b2
5.1b3
5.1b4
5.1rc1
5.1rc2
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.1.5
5.1.6
5.1.7
5.2a1
5.2a2
5.2b1
5.2rc1
5.2rc2
5.2rc3
5.2rc4
5.2rc5
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4