PYSEC-2014-74
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/zope2/PYSEC-2014-74.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2014-74
- Aliases
-
- CVE-2012-5489
- GHSA-879r-7f3w-8jj3
- PYSEC-2014-31
- Published
- 2014-09-30T14:55:00Z
- Modified
- 2023-11-08T03:57:08.687039Z
- Summary
- [none]
- Details
-
The App.Undo.UndoSupport.getrequestvarorattr function in Zope before 2.12.21 and 2.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
- References
-
- https://bugs.launchpad.net/zope2/+bug/1079238
- https://plone.org/products/plone/security/advisories/20121106/05
- https://plone.org/products/plone-hotfix/releases/20121106
- https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
- http://www.openwall.com/lists/oss-security/2012/11/10/1
- https://github.com/advisories/GHSA-879r-7f3w-8jj3
Affected packages
PyPI / zope2
Package
- Name
- zope2
- View open source insights on deps.dev
- Purl
- pkg:pypi/zope2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.12.21Introduced2.13Fixed2.13.11
Affected versions
2.*
2.12.0.a1
2.12.0a2
2.12.0a3
2.12.0a4
2.12.0b1
2.12.0b2
2.12.0b3
2.12.0b4
2.12.0c1
2.12.0
2.12.1
2.12.2
2.12.3
2.12.4
2.12.5
2.12.6
2.12.7
2.12.8
2.12.9
2.12.10
2.12.11
2.12.12
2.12.13
2.12.14
2.12.15
2.12.16
2.12.17
2.12.18
2.12.19
2.12.20
2.13.0
2.13.1
2.13.2
2.13.3
2.13.4
2.13.5
2.13.6
2.13.7
2.13.8
2.13.9
2.13.10