Description
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
Remediation
References