PYSEC-2011-27

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/products-plonehotfix20110928/PYSEC-2011-27.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2011-27

Withdrawn

2024-11-22T04:37:05Z

Published

2011-10-10T10:55:00Z

Modified

2024-11-21T14:22:59.206417Z

Summary

[none]

Details

The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.

References

Affected packages

PyPI / products-plonehotfix20110928

Package

Name: products-plonehotfix20110928; View open source insights on deps.dev
Purl: pkg:pypi/products-plonehotfix20110928

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0

1.1

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/products-plonehotfix20110928/PYSEC-2011-27.yaml"