Plone Foundation · Plone · CVE-2017-5524
**Name of the Vulnerable Software and Affected Versions**
Plone versions 4.x through 4.3.11
Plone versions 5.x through 5.0.6
**Description**
The issue allows remote attackers to bypass a sandbox protection mechanism and obtain sensitive information. This is achieved by leveraging the Python string format method.
**Recommendations**
For Plone versions 4.x through 4.3.11, update to a version later than 4.3.11 to resolve the issue.
For Plone versions 5.x through 5.0.6, update to a version later than 5.0.6 to resolve the issue.