PYSEC-2014-53

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-53.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2014-53
Aliases
Published
2014-03-11T19:37:00Z
Modified
2026-06-10T17:01:27.683713779Z
Summary
[none]
Details

Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors.

References

Affected packages

PyPI / plone

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1
Fixed
4.1.1
Introduced
4.2
Fixed
4.2.6
Introduced
4.3
Fixed
4.3.2

Affected versions

3.*
3.2a1
3.2rc1
3.2
3.2.1
3.2.2
3.2.3
3.3b1
3.3rc1
3.3rc2
3.3rc3
3.3rc4
3.3rc5
3.3
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
4.*
4.0a1
4.0a2
4.0a3
4.0a4
4.0a5
4.0b1
4.0b2
4.0b3
4.0b4
4.0b5
4.0rc1
4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc2
4.1rc3
4.1
4.2
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.3
4.3.1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-53.yaml"