PYSEC-2014-28
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-28.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2014-28
- Aliases
-
- CVE-2012-5486
- GHSA-77hv-8796-8ccp
- PYSEC-2014-73
- Published
- 2014-09-30T14:55:00Z
- Modified
- 2023-11-08T03:57:08.503914Z
- Summary
- [none]
- Details
-
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.
- References
-
- http://www.openwall.com/lists/oss-security/2012/11/10/1
- https://bugs.launchpad.net/zope2/+bug/930812
- https://plone.org/products/plone/security/advisories/20121106/02
- https://plone.org/products/plone-hotfix/releases/20121106
- http://rhn.redhat.com/errata/RHSA-2014-1194.html
- https://github.com/advisories/GHSA-77hv-8796-8ccp
Affected packages
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.2.3
Affected versions
3.*
3.2a1
3.2rc1
3.2
3.2.1
3.2.2
3.2.3
3.3b1
3.3rc1
3.3rc2
3.3rc3
3.3rc4
3.3rc5
3.3
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
4.*
4.0a1
4.0a2
4.0a3
4.0a4
4.0a5
4.0b1
4.0b2
4.0b3
4.0b4
4.0b5
4.0rc1
4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc2
4.1rc3
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.2a1
4.2a2
4.2b1
4.2b2
4.2rc1
4.2rc2
4.2
4.2.1
4.2.2