PT-2017-16557 · Plone Foundation · Plone

Armin Ronacher

Published

2017-03-23

Updated

2019-10-03

CVE-2017-5524

CVSS v4.0

5.3

Medium

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Plone versions 4.x through 4.3.11 Plone versions 5.x through 5.0.6

Description The issue allows remote attackers to bypass a sandbox protection mechanism and obtain sensitive information. This is achieved by leveraging the Python string format method.

Recommendations For Plone versions 4.x through 4.3.11, update to a version later than 4.3.11 to resolve the issue. For Plone versions 5.x through 5.0.6, update to a version later than 5.0.6 to resolve the issue.

Fix

Use of Externally-Controlled Format String

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-134

Related Identifiers

CVE-2017-5524

GHSA-P5WR-VP8G-Q5P4

PYSEC-2017-81

Affected Products

Plone

PT-2017-16557 · Plone Foundation · Plone

CVE-2017-5524

Weakness Enumeration

Related Identifiers

Affected Products

References · 12