PYSEC-2014-68

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/products-cmfplone/PYSEC-2014-68.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2014-68

Aliases

CVE-2013-7061
GHSA-4vr8-r7qr-fpvq
PYSEC-2014-66

Published

2014-05-02T14:55:00Z

Modified

2024-04-29T16:41:26.282695Z

Summary

[none]

Details

Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.

References

https://plone.org/security/20131210/catalogue-exposure
http://www.openwall.com/lists/oss-security/2013/12/12/3
http://www.openwall.com/lists/oss-security/2013/12/10/15

Affected packages

PyPI / products-cmfplone

Package

Name: products-cmfplone; View open source insights on deps.dev
Purl: pkg:pypi/products-cmfplone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.3

Fixed

4.3.3

Affected versions

4.*

4.0b1

4.1a1

4.1a2

4.1a3

4.1b1

4.1b2

4.1rc2

4.1rc3

4.1

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.2a1

4.2a2

4.2b1

4.2b2

4.2rc1

4.2rc2

4.2

4.2.0.1

4.2.1

4.2.1.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.3a1

4.3a2

4.3b1

4.3b2

4.3rc1

4.3

4.3.1

4.3.2