Vulnerability Details CVE-2012-5493
gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.6%
CVSS Severity
CVSS v2 Score 8.5
References
- http://www.openwall.com/lists/oss-security/2012/11/10/1
- https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
- https://plone.org/products/plone-hotfix/releases/20121106
- https://plone.org/products/plone/security/advisories/20121106/09
- http://www.openwall.com/lists/oss-security/2012/11/10/1
- https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
- https://plone.org/products/plone-hotfix/releases/20121106
- https://plone.org/products/plone/security/advisories/20121106/09
Products affected by CVE-2012-5493
-
cpe:2.3:a:plone:plone:1.0
-
cpe:2.3:a:plone:plone:1.0.1
-
cpe:2.3:a:plone:plone:1.0.2
-
cpe:2.3:a:plone:plone:1.0.3
-
cpe:2.3:a:plone:plone:1.0.4
-
cpe:2.3:a:plone:plone:1.0.5
-
cpe:2.3:a:plone:plone:1.0.6
-
cpe:2.3:a:plone:plone:2.0
-
cpe:2.3:a:plone:plone:2.0.1
-
cpe:2.3:a:plone:plone:2.0.2
-
cpe:2.3:a:plone:plone:2.0.3
-
cpe:2.3:a:plone:plone:2.0.4
-
cpe:2.3:a:plone:plone:2.0.5
-
cpe:2.3:a:plone:plone:2.1
-
cpe:2.3:a:plone:plone:2.1.1
-
cpe:2.3:a:plone:plone:2.1.2
-
cpe:2.3:a:plone:plone:2.1.3
-
cpe:2.3:a:plone:plone:2.1.4
-
cpe:2.3:a:plone:plone:2.5
-
cpe:2.3:a:plone:plone:2.5.1
-
cpe:2.3:a:plone:plone:2.5.2
-
cpe:2.3:a:plone:plone:2.5.3
-
cpe:2.3:a:plone:plone:2.5.4
-
cpe:2.3:a:plone:plone:2.5.5
-
cpe:2.3:a:plone:plone:3.0
-
cpe:2.3:a:plone:plone:3.0.1
-
cpe:2.3:a:plone:plone:3.0.2
-
cpe:2.3:a:plone:plone:3.0.3
-
cpe:2.3:a:plone:plone:3.0.4
-
cpe:2.3:a:plone:plone:3.0.5
-
cpe:2.3:a:plone:plone:3.0.6
-
cpe:2.3:a:plone:plone:3.1
-
cpe:2.3:a:plone:plone:3.1.1
-
cpe:2.3:a:plone:plone:3.1.2
-
cpe:2.3:a:plone:plone:3.1.3
-
cpe:2.3:a:plone:plone:3.1.4
-
cpe:2.3:a:plone:plone:3.1.5.1
-
cpe:2.3:a:plone:plone:3.1.6
-
cpe:2.3:a:plone:plone:3.1.7
-
cpe:2.3:a:plone:plone:3.2
-
cpe:2.3:a:plone:plone:3.2.1
-
cpe:2.3:a:plone:plone:3.2.2
-
cpe:2.3:a:plone:plone:3.2.3
-
cpe:2.3:a:plone:plone:3.3
-
cpe:2.3:a:plone:plone:3.3.0
-
cpe:2.3:a:plone:plone:3.3.1
-
cpe:2.3:a:plone:plone:3.3.2
-
cpe:2.3:a:plone:plone:3.3.3
-
cpe:2.3:a:plone:plone:3.3.4
-
cpe:2.3:a:plone:plone:3.3.5
-
cpe:2.3:a:plone:plone:3.3.6
-
cpe:2.3:a:plone:plone:4.0
-
cpe:2.3:a:plone:plone:4.0.0
-
cpe:2.3:a:plone:plone:4.0.1
-
cpe:2.3:a:plone:plone:4.0.10
-
cpe:2.3:a:plone:plone:4.0.2
-
cpe:2.3:a:plone:plone:4.0.3
-
cpe:2.3:a:plone:plone:4.0.4
-
cpe:2.3:a:plone:plone:4.0.5
-
cpe:2.3:a:plone:plone:4.0.6
-
cpe:2.3:a:plone:plone:4.0.6.1
-
cpe:2.3:a:plone:plone:4.0.7
-
cpe:2.3:a:plone:plone:4.0.8
-
cpe:2.3:a:plone:plone:4.0.9
-
cpe:2.3:a:plone:plone:4.1
-
cpe:2.3:a:plone:plone:4.1.0
-
cpe:2.3:a:plone:plone:4.1.1
-
cpe:2.3:a:plone:plone:4.1.2
-
cpe:2.3:a:plone:plone:4.1.3
-
cpe:2.3:a:plone:plone:4.1.4
-
cpe:2.3:a:plone:plone:4.1.5
-
cpe:2.3:a:plone:plone:4.1.6
-
cpe:2.3:a:plone:plone:4.2
-
cpe:2.3:a:plone:plone:4.2.0
-
cpe:2.3:a:plone:plone:4.2.0.1
-
cpe:2.3:a:plone:plone:4.2.1
-
cpe:2.3:a:plone:plone:4.2.1.1
-
cpe:2.3:a:plone:plone:4.2.2
-
cpe:2.3:a:plone:plone:4.3