PT-2017-16557 · Plone Foundation · Plone

Armin Ronacher

Publicado

2017-03-23

Atualizado

2019-10-03

CVE-2017-5524

CVSS v4.0

5.3

Média

Vetor

AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Plone versions 4.x through 4.3.11 Plone versions 5.x through 5.0.6

Description The issue allows remote attackers to bypass a sandbox protection mechanism and obtain sensitive information. This is achieved by leveraging the Python string format method.

Recommendations For Plone versions 4.x through 4.3.11, update to a version later than 4.3.11 to resolve the issue. For Plone versions 5.x through 5.0.6, update to a version later than 5.0.6 to resolve the issue.

Correção

Use of Externally-Controlled Format String

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-134

Identificadores relacionados

CVE-2017-5524

GHSA-P5WR-VP8G-Q5P4

PYSEC-2017-81

Produtos afetados

Plone

PT-2017-16557 · Plone Foundation · Plone

CVE-2017-5524

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12