CVE-2007-5741
CRITICAL 9.8 | EPSS 3.6% | zope-cmfplone - arbitrary code
Published: 2022/5/1 | Modified: 2026/3/9
Description
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
Affected packages (4)
- Debian/zope-cmfplone: from 0, < 2.5.1-4etch1
- Debian/zope-cmfplone: from 0, < 2.5.1-4etch2
- PyPI/plone: >= 2.5, < 2.5.5
- PyPI/plone: >= 2.5, < 2.5.5
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (16)
- ADVISORY: http://secunia.com/advisories/27530
- ADVISORY: http://secunia.com/advisories/27559
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2007-5741
- ADVISORY: http://www.vupen.com/english/advisories/2007/3754
- PATCH: https://github.com/plone/Plone
- PATCH: http://www.securityfocus.com/bid/26354
- WEB: http://osvdb.org/42071
- WEB: http://osvdb.org/42072
- WEB: http://plone.org/about/security/advisories/cve-2007-5741
- WEB: https://exchange.xforce.ibmcloud.com/vulnerabilities/38288
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2007-4.yaml
- WEB: https://web.archive.org/web/20080507055819/https://plone.org/about/security/advisories/cve-2007-5741
- WEB: https://web.archive.org/web/20080517012557/http://www.securityfocus.com/bid/26354
- WEB: https://web.archive.org/web/20080906150436/http://www.securityfocus.com/archive/1/483343/100/0/threaded
- WEB: http://www.debian.org/security/2007/dsa-1405
- WEB: http://www.securityfocus.com/archive/1/483343/100/0/threaded