CVE-2011-3587 – zope2

Package

Manager: pip
Name: zope2
Vulnerable Version: >=2.12.0 <2.12.20 || >=2.13.0 <2.13.10

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:H/RL:U/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.90592 pctl0.99593

Details

Zope Command Execution Vulnerability Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the `p_` class in `OFS/misc_.py` and the use of Python modules.

Metadata

Created: 2022-05-17T05:37:39Z
Modified: 2024-11-22T20:15:48Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8w48-m6hx-rjw2/GHSA-8w48-m6hx-rjw2.json
CWE IDs: []
Alternative ID: GHSA-8w48-m6hx-rjw2
Finding: F422
Auto approve: 1