CVE-2011-3587

Name of the Vulnerable Software and Affected Versions Zope versions 2.12.x through 2.13.x Plone versions 4.0.x through 4.0.9 Plone version 4.1 Plone versions 4.2 through 4.2a2

Description The issue allows remote attackers to execute arbitrary commands via vectors related to the p class in OFS/misc .py and the use of Python modules.

Recommendations For Zope versions 2.12.x through 2.13.x, consider restricting access to the OFS/misc .py module to minimize the risk of exploitation. For Plone versions 4.0.x through 4.0.9, version 4.1, and versions 4.2 through 4.2a2, avoid using the p class in OFS/misc .py until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.