CVE-2007-5741 plone

Package

Manager: pip
Name: plone
Vulnerable Version: >=2.5 <2.5.5 || >=3.0 <3.0.3

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.03388 (percentile: 0.86933)

Details

Plone Arbitrary Code Execution via Unsafe Handling of Pickles

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.

Metadata

Created: 2022-05-01T18:36:14Z
Modified: 2024-11-26T16:50:13Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hf26-vvmx-x8c8/GHSA-hf26-vvmx-x8c8.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-hf26-vvmx-x8c8
Finding: F422
Auto approve: 1