CVE-2017-5524

Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.

Published: Mar 23, 2017
Updated: May 9, 2024
CVE: CVE-2017-5524
GHSA: GHSA-p5wr-vp8g-q5p4
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-134

Affected Software
References

Software	From	Fixed in
plone / plone	4.3.3	4.3.3.x
plone / plone	4.3.11	4.3.11.x
plone / plone	4.0.5	4.0.5.x
plone / plone	4.3.6	4.3.6.x
plone / plone	5.0.1	5.0.1.x
plone / plone	4.2.3	4.2.3.x
plone / plone	5.0.2	5.0.2.x
plone / plone	5.0-rc2	5.0-rc2.x
plone / plone	4.0.2	4.0.2.x
plone / plone	5.0.5	5.0.5.x
plone / plone	4.3.5	4.3.5.x
plone / plone	4.3.10	4.3.10.x
plone / plone	5.0.3	5.0.3.x
plone / plone	4.3	4.3.x
plone / plone	4.2.2	4.2.2.x
plone / plone	4.0.8	4.0.8.x
plone / plone	5.0.6	5.0.6.x
plone / plone	4.0.7	4.0.7.x
plone / plone	4.2.7	4.2.7.x
plone / plone	4.2.5	4.2.5.x
plone / plone	5.0.4	5.0.4.x
plone / plone	4.1.6	4.1.6.x
plone / plone	4.0.4	4.0.4.x
plone / plone	4.3.4	4.3.4.x
plone / plone	4.0.9	4.0.9.x
plone / plone	4.1.3	4.1.3.x
plone / plone	4.1	4.1.x
plone / plone	5.1-a1	5.1-a1.x
plone / plone	5.1-a2	5.1-a2.x
plone / plone	4.1.4	4.1.4.x
plone / plone	4.0.10	4.0.10.x
plone / plone	5.0-rc1	5.0-rc1.x
plone / plone	4.0	4.0.x
plone / plone	4.3.7	4.3.7.x
plone / plone	5.0	5.0.x
plone / plone	4.3.8	4.3.8.x
plone / plone	4.1.2	4.1.2.x
plone / plone	4.1.5	4.1.5.x
plone / plone	4.3.1	4.3.1.x
plone / plone	4.2.6	4.2.6.x
plone / plone	4.0.1	4.0.1.x
plone / plone	4.1.1	4.1.1.x
plone / plone	4.2.4	4.2.4.x
plone / plone	4.3.9	4.3.9.x
plone / plone	5.0-rc3	5.0-rc3.x
plone / plone	4.0.3	4.0.3.x
plone / plone	4.3.2	4.3.2.x
plone / plone	4.2	4.2.x
plone / plone	4.2.1	4.2.1.x
plone	4.0	4.3.12
plone	5.1a1	5.1b1
plone	5.0rc1	5.0.7

Vulnerability Database

289,782

CVE-2017-5524