CVE-2011-4030
EPSS 1.1%
Plone anonymous access to sub-objects in CMFEditions where KwAsAttributes classes were publishable
Published: 2022/5/17
Modified: 2024/12/3
Description
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.
Affected packages (1)
- PyPI/plone >= 4.0, < 4.0.10
References (6)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2011-4030
- PATCH https://github.com/plone/Plone
- WEB http://plone.org/products/plone-hotfix/releases/20110928
- WEB http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip
- WEB http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/products-plonehotfix20110928/PYSEC-2011-27.yaml