Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/57287?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/57287?format=api", "purl": "pkg:pypi/plone@2.5", "type": "pypi", "namespace": "", "name": "plone", "version": "2.5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.5.1", "latest_non_vulnerable_version": "6.0.7", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35163?format=api", "vulnerability_id": "VCID-5ry7-xy6b-5fag", "summary": "Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5.", "references": [ { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-72.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-72.yaml" }, { "reference_url": "https://plone.org/security/hotfix/20171128/sandbox-escape", "reference_id": "", "reference_type": "", "scores": [], "url": "https://plone.org/security/hotfix/20171128/sandbox-escape" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000483", "reference_id": "CVE-2017-1000483", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000483" }, { "reference_url": "https://github.com/advisories/GHSA-qc57-h2f7-p4hx", "reference_id": "GHSA-qc57-h2f7-p4hx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qc57-h2f7-p4hx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9718?format=api", "purl": "pkg:pypi/plone@4.3.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/10591?format=api", "purl": "pkg:pypi/plone@5.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-951j-w95x-83g8" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0" } ], "aliases": [ "CVE-2017-1000483", "GHSA-qc57-h2f7-p4hx", "PYSEC-2018-72" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ry7-xy6b-5fag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34649?format=api", "vulnerability_id": "VCID-8mwv-f9c8-nqcw", "summary": "Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to \"an erroneous security declaration.\"", "references": [ { "reference_url": "http://plone.org/about/security/advisories/cve-2006-4247", "reference_id": "", "reference_type": "", "scores": [], "url": "http://plone.org/about/security/advisories/cve-2006-4247" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2006-5.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2006-5.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4247", "reference_id": "CVE-2006-4247", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4247" }, { "reference_url": "https://github.com/advisories/GHSA-5hch-v5pq-x4qp", "reference_id": "GHSA-5hch-v5pq-x4qp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5hch-v5pq-x4qp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6836?format=api", "purl": "pkg:pypi/plone@2.5.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@2.5.1" } ], "aliases": [ "CVE-2006-4247", "GHSA-5hch-v5pq-x4qp", "PYSEC-2006-5", "PYSEC-2006-9" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8mwv-f9c8-nqcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35161?format=api", "vulnerability_id": "VCID-dg61-tw4u-dbcc", "summary": "When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix.", "references": [ { "reference_url": "https://github.com/plone/Products.CMFPlone", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/plone/Products.CMFPlone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/plone/Products.CMFPlone/commit/05a943ecbcdda56bacc93b55c9e2e908d8a7dfab" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/plone/Products.CMFPlone/commit/0e50e1e67ea3b6d3187f78cb1a1628081f654d3b" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/plone/Products.CMFPlone/commit/236b62b756ff46a92783b3897e717dfb15eb07d8" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/plone/Products.CMFPlone/commit/7db5b2c8fb684055987b8c4fdedc29289bd26373" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/issues/2232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/plone/Products.CMFPlone/issues/2232" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/pull/2233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/plone/Products.CMFPlone/pull/2233" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/pull/2234", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/plone/Products.CMFPlone/pull/2234" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/pull/2235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/plone/Products.CMFPlone/pull/2235" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/pull/2236", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/plone/Products.CMFPlone/pull/2236" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-70.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-70.yaml" }, { "reference_url": "https://plone.org/security/hotfix/20171128/open-redirection-on-login-form", "reference_id": "", "reference_type": "", "scores": [], "url": "https://plone.org/security/hotfix/20171128/open-redirection-on-login-form" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000481", "reference_id": "CVE-2017-1000481", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000481" }, { "reference_url": "https://github.com/advisories/GHSA-8g72-gq68-6gqh", "reference_id": "GHSA-8g72-gq68-6gqh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8g72-gq68-6gqh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9718?format=api", "purl": "pkg:pypi/plone@4.3.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/10591?format=api", "purl": "pkg:pypi/plone@5.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-951j-w95x-83g8" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0" } ], "aliases": [ "CVE-2017-1000481", "GHSA-8g72-gq68-6gqh", "PYSEC-2018-70" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dg61-tw4u-dbcc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35164?format=api", "vulnerability_id": "VCID-edq7-7ncc-mbfx", "summary": "By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.)", "references": [ { "reference_url": "https://github.com/advisories/GHSA-xvwv-6wvx-px9x", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xvwv-6wvx-px9x" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/issues/2232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/plone/Products.CMFPlone/issues/2232" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-73.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-73.yaml" }, { "reference_url": "https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url", "reference_id": "", "reference_type": "", "scores": [], "url": "https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000484", "reference_id": "CVE-2017-1000484", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000484" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9718?format=api", "purl": "pkg:pypi/plone@4.3.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/10591?format=api", "purl": "pkg:pypi/plone@5.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29gf-82fr-k3h8" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-951j-w95x-83g8" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-z4jt-v88h-77er" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0" } ], "aliases": [ "CVE-2017-1000484", "GHSA-xvwv-6wvx-px9x", "PYSEC-2018-73" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-edq7-7ncc-mbfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34655?format=api", "vulnerability_id": "VCID-gxgu-mp2h-hfe1", "summary": "Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.", "references": [ { "reference_url": "http://osvdb.org/42071", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/42071" }, { "reference_url": "http://osvdb.org/42072", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/42072" }, { "reference_url": "http://plone.org/about/security/advisories/cve-2007-5741", "reference_id": "", "reference_type": "", "scores": [], "url": "http://plone.org/about/security/advisories/cve-2007-5741" }, { "reference_url": "http://secunia.com/advisories/27530", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/27530" }, { "reference_url": "http://secunia.com/advisories/27559", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/27559" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38288", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38288" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2007-4.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2007-4.yaml" }, { "reference_url": "https://web.archive.org/web/20080517012557/http://www.securityfocus.com/bid/26354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20080517012557/http://www.securityfocus.com/bid/26354" }, { "reference_url": "https://web.archive.org/web/20080906150436/http://www.securityfocus.com/archive/1/483343/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20080906150436/http://www.securityfocus.com/archive/1/483343/100/0/threaded" }, { "reference_url": "http://www.debian.org/security/2007/dsa-1405", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2007/dsa-1405" }, { "reference_url": "http://www.securityfocus.com/archive/1/483343/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/483343/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/26354", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/26354" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/3754", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/3754" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5741", "reference_id": "CVE-2007-5741", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5741" }, { "reference_url": "https://web.archive.org/web/20080507055819/https://plone.org/about/security/advisories/cve-2007-5741", "reference_id": "CVE-2007-5741", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20080507055819/https://plone.org/about/security/advisories/cve-2007-5741" }, { "reference_url": "https://github.com/advisories/GHSA-hf26-vvmx-x8c8", "reference_id": "GHSA-hf26-vvmx-x8c8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hf26-vvmx-x8c8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6845?format=api", "purl": "pkg:pypi/plone@2.5.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@2.5.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/6846?format=api", "purl": "pkg:pypi/plone@3.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@3.0.3" } ], "aliases": [ "CVE-2007-5741", "GHSA-hf26-vvmx-x8c8", "PYSEC-2007-4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gxgu-mp2h-hfe1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34651?format=api", "vulnerability_id": "VCID-sahr-5jt9-jbdj", "summary": "Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to \"masquerade as a group.\"", "references": [ { "reference_url": "http://plone.org/about/security/advisories/cve-2006-4249/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://plone.org/about/security/advisories/cve-2006-4249/" }, { "reference_url": "http://secunia.com/advisories/23240", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/23240" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30762", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30762" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2006-6.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2006-6.yaml" }, { "reference_url": "http://www.securityfocus.com/bid/21460", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/21460" }, { "reference_url": "http://www.vupen.com/english/advisories/2006/4878", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2006/4878" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4249", "reference_id": "CVE-2006-4249", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4249" }, { "reference_url": "https://github.com/advisories/GHSA-r7j4-82xw-8m9p", "reference_id": "GHSA-r7j4-82xw-8m9p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r7j4-82xw-8m9p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6838?format=api", "purl": "pkg:pypi/plone@2.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@2.5.2" } ], "aliases": [ "CVE-2006-4249", "GHSA-r7j4-82xw-8m9p", "PYSEC-2006-10", "PYSEC-2006-6" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sahr-5jt9-jbdj" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@2.5" }