Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg3OXItN2Yzdy04amoz
Moderate severity vulnerability that affects Plone and Zope2
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
Permalink: https://github.com/advisories/GHSA-879r-7f3w-8jj3
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg3OXItN2Yzdy04amoz
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 5 years ago
Updated: over 1 year ago
Identifiers: GHSA-879r-7f3w-8jj3, CVE-2012-5489
References:
- https://nvd.nist.gov/vuln/detail/CVE-2012-5489
- https://bugs.launchpad.net/zope2/+bug/1079238
- https://github.com/advisories/GHSA-879r-7f3w-8jj3
- https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
- https://plone.org/products/plone-hotfix/releases/20121106
- https://plone.org/products/plone/security/advisories/20121106/05
- http://www.openwall.com/lists/oss-security/2012/11/10/1
Blast Radius: 0.0
Affected Packages
pypi:Plone
Dependent packages: 5
Dependent repositories: 7
Downloads: 8,553 last month
Affected Version Ranges: >= 4.3a1, <= 4.3a2, >= 3.2.2, < 4.2.3
Fixed in: 4.3b1, 4.2.3
All affected versions: 3.2.1, 3.2.2, 3.2.3, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 4.3.12, 4.3.13, 4.3.14, 4.3.15, 4.3.16, 4.3.17, 4.3.18, 4.3.19, 4.3.20, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.14, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10
All unaffected versions:
pypi:Zope2
Dependent packages: 9
Dependent repositories: 4
Downloads: 6,317 last month
Affected Version Ranges: >= 2.13.0, < 2.13.11, < 2.12.21
Fixed in: 2.13.11, 2.12.21
All affected versions: 2.12.0, 2.12.1, 2.12.2, 2.12.3, 2.12.4, 2.12.5, 2.12.6, 2.12.7, 2.12.8, 2.12.9, 2.12.10, 2.12.11, 2.12.12, 2.12.13, 2.12.14, 2.12.15, 2.12.16, 2.12.17, 2.12.18, 2.12.19, 2.12.20, 2.13.0, 2.13.1, 2.13.2, 2.13.3, 2.13.4, 2.13.5, 2.13.6, 2.13.7, 2.13.8, 2.13.9, 2.13.10
All unaffected versions: 2.12.21, 2.12.22, 2.12.23, 2.12.24, 2.12.25, 2.12.26, 2.12.27, 2.12.28, 2.13.11, 2.13.12, 2.13.13, 2.13.14, 2.13.15, 2.13.16, 2.13.17, 2.13.18, 2.13.19, 2.13.20, 2.13.21, 2.13.22, 2.13.23, 2.13.24, 2.13.25, 2.13.26, 2.13.27, 2.13.28, 2.13.29, 2.13.30