Description

Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.

Remediation

References

CVE-2017-5524

Related Vulnerabilities

SharePoint CVE-2023-24954 Vulnerability (CVE-2023-24954)

WebLogic CVE-2016-0638 Vulnerability (CVE-2016-0638)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-10969)

WordPress Plugin WP Statistics SQL Injection (12.0.7)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5505)

Severity

Medium

Classification

CVE-2017-5524 CWE-134 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities