Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/63296?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/63296?format=api", "purl": "pkg:pypi/plone@2.1", "type": "pypi", "namespace": "", "name": "plone", "version": "2.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.5.1", "latest_non_vulnerable_version": "6.0.7", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34834?format=api", "vulnerability_id": "VCID-4v5e-r5we-tffe", "summary": "The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the \"next\" parameter to acl_users/credentials_cookie_auth/require_login.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4200", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4200" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-64.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-64.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/08/01/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2013/08/01/2" }, { "reference_url": "http://www.securityfocus.com/archive/1/530787/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/530787/100/0/threaded" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4200", "reference_id": "CVE-2013-4200", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4200" }, { "reference_url": "https://github.com/advisories/GHSA-56p3-rrp4-2j82", "reference_id": "GHSA-56p3-rrp4-2j82", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-56p3-rrp4-2j82" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7146?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7900?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/7901?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4200", "GHSA-56p3-rrp4-2j82", "PYSEC-2014-64" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4v5e-r5we-tffe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34843?format=api", "vulnerability_id": "VCID-nrxp-p6rx-8kdd", "summary": "Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978471" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-59.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-59.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4195", "reference_id": "CVE-2013-4195", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4195" }, { "reference_url": "https://github.com/advisories/GHSA-j67j-8hrp-76xm", "reference_id": "GHSA-j67j-8hrp-76xm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j67j-8hrp-76xm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7146?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7900?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/7901?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4195", "GHSA-j67j-8hrp-76xm", "PYSEC-2014-59" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nrxp-p6rx-8kdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34844?format=api", "vulnerability_id": "VCID-shjb-m9k6-uuf1", "summary": "(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978482" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-63.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-63.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4199", "reference_id": "CVE-2013-4199", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4199" }, { "reference_url": "https://github.com/advisories/GHSA-xfjq-9rxq-ph6m", "reference_id": "GHSA-xfjq-9rxq-ph6m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xfjq-9rxq-ph6m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7146?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7900?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/7901?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4199", "GHSA-xfjq-9rxq-ph6m", "PYSEC-2014-63" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-shjb-m9k6-uuf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34852?format=api", "vulnerability_id": "VCID-ud5f-7gx8-83d6", "summary": "The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978475" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-60.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-60.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4196", "reference_id": "CVE-2013-4196", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4196" }, { "reference_url": "https://github.com/advisories/GHSA-qphh-5fv5-2mjj", "reference_id": "GHSA-qphh-5fv5-2mjj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qphh-5fv5-2mjj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7146?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7900?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/7901?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4196", "GHSA-qphh-5fv5-2mjj", "PYSEC-2014-60" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ud5f-7gx8-83d6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34850?format=api", "vulnerability_id": "VCID-yuph-y2fa-3uaa", "summary": "The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.", "references": [ { "reference_url": "http://plone.org/products/plone-hotfix/releases/20130618", "reference_id": "", "reference_type": "", "scores": [], "url": "http://plone.org/products/plone-hotfix/releases/20130618" }, { "reference_url": "http://plone.org/products/plone/security/advisories/20130618-announcement", "reference_id": "", "reference_type": "", "scores": [], "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=978470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978470" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/261", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q3/261" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-58.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-58.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4194", "reference_id": "CVE-2013-4194", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4194" }, { "reference_url": "https://github.com/advisories/GHSA-mm32-jw73-9227", "reference_id": "GHSA-mm32-jw73-9227", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mm32-jw73-9227" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7146?format=api", "purl": "pkg:pypi/plone@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sk4-yc6h-17c4" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-9kgy-2mwu-6yhd" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-chqa-wbu7-eyak" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-dxqw-uf6r-vbbh" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eg2r-ez9f-hkak" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-g2ap-vh6r-yqds" }, { "vulnerability": "VCID-g6ky-pfur-7kfg" }, { "vulnerability": "VCID-gdtw-2d1s-2bbw" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-h8ur-tnzd-afay" }, { "vulnerability": "VCID-hb93-ea78-8ygv" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-khhr-m295-23gs" }, { "vulnerability": "VCID-khsn-43tn-37bx" }, { "vulnerability": "VCID-krfw-xa2b-vue5" }, { "vulnerability": "VCID-kz14-79we-xbfe" }, { "vulnerability": "VCID-mt5t-3gsw-7fde" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pb2y-jwn1-wbck" }, { "vulnerability": "VCID-pgrv-sncf-cqca" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-svbc-dj3m-t7av" }, { "vulnerability": "VCID-tc7w-wttv-vfed" }, { "vulnerability": "VCID-uykg-p1e9-mfd8" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-vr9k-9xch-4yc7" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-x6y6-xx1a-7kfd" }, { "vulnerability": "VCID-xpq8-npn5-kyb9" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-yhzr-hb68-cfd6" }, { "vulnerability": "VCID-zd73-fvwg-nbgx" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7900?format=api", "purl": "pkg:pypi/plone@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/7901?format=api", "purl": "pkg:pypi/plone@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17w2-gd3m-2qff" }, { "vulnerability": "VCID-5n6e-cha8-nyb8" }, { "vulnerability": "VCID-5ry7-xy6b-5fag" }, { "vulnerability": "VCID-6568-4ert-1bau" }, { "vulnerability": "VCID-69ps-uetw-y3gf" }, { "vulnerability": "VCID-8rp3-p3qe-x7ej" }, { "vulnerability": "VCID-8wkk-84ky-17ak" }, { "vulnerability": "VCID-9gu8-dgkr-sua3" }, { "vulnerability": "VCID-ax8a-2g7j-6ya2" }, { "vulnerability": "VCID-ay85-551m-vfej" }, { "vulnerability": "VCID-basq-jjsf-3fbd" }, { "vulnerability": "VCID-bmwk-nutp-r3fs" }, { "vulnerability": "VCID-cpwq-sq8b-4yhf" }, { "vulnerability": "VCID-d42u-s7za-a3ad" }, { "vulnerability": "VCID-dg61-tw4u-dbcc" }, { "vulnerability": "VCID-edq7-7ncc-mbfx" }, { "vulnerability": "VCID-eu4z-htaq-c3d6" }, { "vulnerability": "VCID-exan-4j3e-2qeh" }, { "vulnerability": "VCID-fdpc-runu-ekah" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-hhux-xufk-ube2" }, { "vulnerability": "VCID-j8fv-uhxw-jkcw" }, { "vulnerability": "VCID-mn7t-zgfw-tqfw" }, { "vulnerability": "VCID-n4nh-4rq4-r7hx" }, { "vulnerability": "VCID-p71t-er3d-9fdn" }, { "vulnerability": "VCID-pzke-4by2-w3hk" }, { "vulnerability": "VCID-q7nt-b3s9-9kf6" }, { "vulnerability": "VCID-r52t-hx1j-ufa1" }, { "vulnerability": "VCID-vgga-a2ga-t3hw" }, { "vulnerability": "VCID-w2mv-zekv-8fcv" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-x2xm-hpc2-uubq" }, { "vulnerability": "VCID-yfkz-3xu3-vyc9" }, { "vulnerability": "VCID-z4jt-v88h-77er" }, { "vulnerability": "VCID-zwnj-revc-vbd6" }, { "vulnerability": "VCID-zy2g-gzmk-1qcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.2" } ], "aliases": [ "CVE-2013-4194", "GHSA-mm32-jw73-9227", "PYSEC-2014-58" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yuph-y2fa-3uaa" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/plone@2.1" }