GHSA-qc57-h2f7-p4hx
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qc57-h2f7-p4hx
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qc57-h2f7-p4hx/GHSA-qc57-h2f7-p4hx.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-qc57-h2f7-p4hx
- Aliases
- Published
- 2022-05-13T01:41:15Z
- Modified
- 2024-10-18T16:15:55.348957Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Plone Unauthorized Access Vulnerability
- Details
-
Accessing private content via
str.formatin through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5. - Database specific
{ "github_reviewed": true, "nvd_published_at": "2018-01-03T18:29:00Z", "github_reviewed_at": "2023-07-26T19:35:01Z", "severity": "HIGH", "cwe_ids": [ "CWE-284" ] }- References
Affected packages
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
Affected versions
3.*
3.2a1
3.2rc1
3.2
3.2.1
3.2.2
3.2.3
3.3b1
3.3rc1
3.3rc2
3.3rc3
3.3rc4
3.3rc5
3.3
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
4.*
4.0a1
4.0a2
4.0a3
4.0a4
4.0a5
4.0b1
4.0b2
4.0b3
4.0b4
4.0b5
4.0rc1
4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc2
4.1rc3
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.2a1
4.2a2
4.2b1
4.2b2
4.2rc1
4.2rc2
4.2
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.3a1
4.3a2
4.3b1
4.3b2
4.3rc1
4.3
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.9
4.3.10
4.3.11
4.3.12
4.3.13
4.3.14
4.3.15
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone