Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2aDktaHBjZy1jNmdt
High severity vulnerability that affects Plone and Zope2
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
Permalink: https://github.com/advisories/GHSA-p6h9-hpcg-c6gmJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2aDktaHBjZy1jNmdt
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 6 years ago
Updated: 26 days ago
EPSS Percentage: 0.01175
EPSS Percentile: 0.84743
Identifiers: GHSA-p6h9-hpcg-c6gm, CVE-2011-2528
References:
- https://nvd.nist.gov/vuln/detail/CVE-2011-2528
- https://bugzilla.redhat.com/show_bug.cgi?id=718824
- https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-25.yaml
- https://plone.org/products/plone-hotfix/releases/20110622
- https://plone.org/products/plone/security/advisories/20110622
- https://www.openwall.com/lists/oss-security/2011/07/04/6
- https://www.openwall.com/lists/oss-security/2011/07/12/9
- https://github.com/advisories/GHSA-p6h9-hpcg-c6gm
Affected Packages
pypi:Zope2
Dependent packages: 9Dependent repositories: 4
Downloads: 7,478 last month
Affected Version Ranges: >= 2.13.0, < 2.13.8, >= 2.12.0, < 2.12.19
Fixed in: 2.13.8, 2.12.19
All affected versions: 2.12.0, 2.12.1, 2.12.2, 2.12.3, 2.12.4, 2.12.5, 2.12.6, 2.12.7, 2.12.8, 2.12.9, 2.12.10, 2.12.11, 2.12.12, 2.12.13, 2.12.14, 2.12.15, 2.12.16, 2.12.17, 2.12.18, 2.13.0, 2.13.1, 2.13.2, 2.13.3, 2.13.4, 2.13.5, 2.13.6, 2.13.7
All unaffected versions: 2.12.19, 2.12.20, 2.12.21, 2.12.22, 2.12.23, 2.12.24, 2.12.25, 2.12.26, 2.12.27, 2.12.28, 2.13.8, 2.13.9, 2.13.10, 2.13.11, 2.13.12, 2.13.13, 2.13.14, 2.13.15, 2.13.16, 2.13.17, 2.13.18, 2.13.19, 2.13.20, 2.13.21, 2.13.22, 2.13.23, 2.13.24, 2.13.25, 2.13.26, 2.13.27, 2.13.28, 2.13.29, 2.13.30
pypi:Plone
Dependent packages: 5Dependent repositories: 7
Downloads: 8,277 last month
Affected Version Ranges: >= 3.3.2, < 3.3.6
Fixed in: 3.3.6
All affected versions: 3.3.2, 3.3.3, 3.3.4, 3.3.5
All unaffected versions: 3.2.1, 3.2.2, 3.2.3, 3.3.1, 3.3.6, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 4.3.12, 4.3.13, 4.3.14, 4.3.15, 4.3.16, 4.3.17, 4.3.18, 4.3.19, 4.3.20, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.14, 5.2.15, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14