Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/plone@5.0rc2

Type pypi

Namespace

Name plone

Version 5.0rc2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.2.5

Latest_non_vulnerable_version 5.2.5

Affected_by_vulnerabilities

url VCID-6568-4ert-1bau

vulnerability_id VCID-6568-4ert-1bau

summary Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.

references

reference_url	https://github.com/advisories/GHSA-p5wr-vp8g-q5p4
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-p5wr-vp8g-q5p4

reference_url	https://github.com/plone/Products.CMFPlone/commit/a7d47692058e10ce89968e7ca4dacbdf44fcad4f
reference_id
reference_type
scores
url	https://github.com/plone/Products.CMFPlone/commit/a7d47692058e10ce89968e7ca4dacbdf44fcad4f

reference_url	https://github.com/plone/Products.CMFPlone/pull/1912
reference_id
reference_type
scores
url	https://github.com/plone/Products.CMFPlone/pull/1912

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-81.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-81.yaml

reference_url	https://plone.org/security/hotfix/20170117/sandbox-escape
reference_id
reference_type
scores
url	https://plone.org/security/hotfix/20170117/sandbox-escape

reference_url	http://www.openwall.com/lists/oss-security/2017/01/18/6
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2017/01/18/6

reference_url	http://www.securityfocus.com/bid/95679
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95679

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-5524
reference_id	CVE-2017-5524
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-5524

fixed_packages

url pkg:pypi/plone@5.0.7

purl pkg:pypi/plone@5.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29gf-82fr-k3h8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8wkk-84ky-17ak

vulnerability	VCID-951j-w95x-83g8

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-jvvz-bafs-t7gc

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-z4jt-v88h-77er

vulnerability	VCID-zwnj-revc-vbd6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0.7

url pkg:pypi/plone@5.1b1

purl pkg:pypi/plone@5.1b1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29gf-82fr-k3h8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8wkk-84ky-17ak

vulnerability	VCID-951j-w95x-83g8

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-z4jt-v88h-77er

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1b1

aliases CVE-2017-5524, GHSA-p5wr-vp8g-q5p4, PYSEC-2017-81

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6568-4ert-1bau

url VCID-8rp3-p3qe-x7ej

vulnerability_id VCID-8rp3-p3qe-x7ej

summary Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role).

references

reference_url	https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
reference_id
reference_type
scores
url	https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt

reference_url	https://github.com/advisories/GHSA-2c8c-84w2-j38j
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-2c8c-84w2-j38j

reference_url	https://github.com/plone/Products.CMFPlone/issues/3209
reference_id
reference_type
scores
url	https://github.com/plone/Products.CMFPlone/issues/3209

reference_url	https://www.misakikata.com/codes/plone/python-en.html
reference_id
reference_type
scores
url	https://www.misakikata.com/codes/plone/python-en.html

fixed_packages

url pkg:pypi/plone@5.2.3

purl pkg:pypi/plone@5.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29gf-82fr-k3h8

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-z4jt-v88h-77er

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3

aliases CVE-2020-28736, GHSA-2c8c-84w2-j38j, PYSEC-2020-248

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8rp3-p3qe-x7ej

url VCID-8wkk-84ky-17ak

vulnerability_id VCID-8wkk-84ky-17ak

summary Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.

references

reference_url	https://plone.org/security/hotfix/20200121
reference_id
reference_type
scores
url	https://plone.org/security/hotfix/20200121

reference_url	https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked
reference_id
reference_type
scores
url	https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked

reference_url	https://www.openwall.com/lists/oss-security/2020/01/22/1
reference_id
reference_type
scores
url	https://www.openwall.com/lists/oss-security/2020/01/22/1

reference_url	http://www.openwall.com/lists/oss-security/2020/01/24/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2020/01/24/1

fixed_packages

url pkg:pypi/plone@5.2.1

purl pkg:pypi/plone@5.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29gf-82fr-k3h8

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8t99-yuxa-ekhm

vulnerability	VCID-951j-w95x-83g8

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-z4jt-v88h-77er

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.1

aliases CVE-2020-7940, PYSEC-2020-89

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8wkk-84ky-17ak

url VCID-9gu8-dgkr-sua3

vulnerability_id VCID-9gu8-dgkr-sua3

summary An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.

references

reference_url	https://plone.org/security/hotfix/20200121
reference_id
reference_type
scores
url	https://plone.org/security/hotfix/20200121

reference_url	https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places
reference_id
reference_type
scores
url	https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places

reference_url	https://www.openwall.com/lists/oss-security/2020/01/22/1
reference_id
reference_type
scores
url	https://www.openwall.com/lists/oss-security/2020/01/22/1

reference_url	http://www.openwall.com/lists/oss-security/2020/01/24/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2020/01/24/1

fixed_packages

url pkg:pypi/plone@5.2.2

purl pkg:pypi/plone@5.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29gf-82fr-k3h8

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-z4jt-v88h-77er

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2

aliases CVE-2020-7936, PYSEC-2020-85

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9gu8-dgkr-sua3

url VCID-ax8a-2g7j-6ya2

vulnerability_id VCID-ax8a-2g7j-6ya2

summary Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.

references

reference_url	https://github.com/advisories/GHSA-fj67-w3m4-rfmp
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-fj67-w3m4-rfmp

reference_url	https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool
reference_id
reference_type
scores
url	https://plone.org/security/hotfix/20210518/xss-vulnerability-in-cmfdifftool

reference_url	http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2021/05/22/1

fixed_packages

url	pkg:pypi/plone@5.2.5
purl	pkg:pypi/plone@5.2.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5

aliases CVE-2021-33513, GHSA-fj67-w3m4-rfmp, PYSEC-2021-85

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ax8a-2g7j-6ya2

url VCID-basq-jjsf-3fbd

vulnerability_id VCID-basq-jjsf-3fbd

summary Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript in the context of the victim's browser if the victim opens a vulnerable page containing an XSS payload.

references

reference_url	https://plone.org/download/releases/5.2.3
reference_id
reference_type
scores
url	https://plone.org/download/releases/5.2.3

reference_url	https://plone.org/security/hotfix/20210518
reference_id
reference_type
scores
url	https://plone.org/security/hotfix/20210518

reference_url	https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt
reference_id
reference_type
scores
url	https://www.compass-security.com/fileadmin/Research/Advisories/2021-07_CSNC-2021-013_XSS_in_Plone_CMS.txt

reference_url	http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2021/05/22/1

fixed_packages

url pkg:pypi/plone@5.2.4

purl pkg:pypi/plone@5.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29gf-82fr-k3h8

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-z4jt-v88h-77er

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.4

aliases CVE-2021-3313, PYSEC-2021-78

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-basq-jjsf-3fbd

url VCID-bmwk-nutp-r3fs

vulnerability_id VCID-bmwk-nutp-r3fs

summary SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)

references

reference_url	https://plone.org/security/hotfix/20200121
reference_id
reference_type
scores
url	https://plone.org/security/hotfix/20200121

reference_url	https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects
reference_id
reference_type
scores
url	https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects

reference_url	https://www.openwall.com/lists/oss-security/2020/01/22/1
reference_id
reference_type
scores
url	https://www.openwall.com/lists/oss-security/2020/01/22/1

reference_url	http://www.openwall.com/lists/oss-security/2020/01/24/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2020/01/24/1

fixed_packages

url pkg:pypi/plone@5.2.2

purl pkg:pypi/plone@5.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29gf-82fr-k3h8

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-z4jt-v88h-77er

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2

aliases CVE-2020-7939, PYSEC-2020-88

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bmwk-nutp-r3fs

url VCID-d42u-s7za-a3ad

vulnerability_id VCID-d42u-s7za-a3ad

summary Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel.

references

reference_url	https://github.com/advisories/GHSA-gc9g-67cq-p7v4
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-gc9g-67cq-p7v4

reference_url	https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser
reference_id
reference_type
scores
url	https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser

reference_url	http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2021/05/22/1

fixed_packages

url	pkg:pypi/plone@5.2.5
purl	pkg:pypi/plone@5.2.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5

aliases CVE-2021-33511, GHSA-gc9g-67cq-p7v4, PYSEC-2021-83

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d42u-s7za-a3ad

url VCID-edq7-7ncc-mbfx

vulnerability_id VCID-edq7-7ncc-mbfx

summary By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.)

references

reference_url	https://github.com/advisories/GHSA-xvwv-6wvx-px9x
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-xvwv-6wvx-px9x

reference_url	https://github.com/plone/Plone
reference_id
reference_type
scores
url	https://github.com/plone/Plone

reference_url	https://github.com/plone/Products.CMFPlone/issues/2232
reference_id
reference_type
scores
url	https://github.com/plone/Products.CMFPlone/issues/2232

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-73.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2018-73.yaml

reference_url	https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url
reference_id
reference_type
scores
url	https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-1000484
reference_id	CVE-2017-1000484
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-1000484

fixed_packages

url pkg:pypi/plone@5.1.0

purl pkg:pypi/plone@5.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29gf-82fr-k3h8

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8wkk-84ky-17ak

vulnerability	VCID-951j-w95x-83g8

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-z4jt-v88h-77er

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1.0

aliases CVE-2017-1000484, GHSA-xvwv-6wvx-px9x, PYSEC-2018-73

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-edq7-7ncc-mbfx

url VCID-eu4z-htaq-c3d6

vulnerability_id VCID-eu4z-htaq-c3d6

summary Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.

references

reference_url	https://github.com/advisories/GHSA-4mg4-wvmx-5332
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-4mg4-wvmx-5332

reference_url	https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url
reference_id
reference_type
scores
url	https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url

reference_url	http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2021/05/22/1

fixed_packages

url	pkg:pypi/plone@5.2.5
purl	pkg:pypi/plone@5.2.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5

aliases CVE-2021-33510, GHSA-4mg4-wvmx-5332, PYSEC-2021-82

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eu4z-htaq-c3d6

url VCID-exan-4j3e-2qeh

vulnerability_id VCID-exan-4j3e-2qeh

summary Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.

references

reference_url	https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
reference_id
reference_type
scores
url	https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt

reference_url	https://github.com/advisories/GHSA-wq6x-g685-w5f2
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-wq6x-g685-w5f2

reference_url	https://github.com/plone/Products.CMFPlone/issues/3209
reference_id
reference_type
scores
url	https://github.com/plone/Products.CMFPlone/issues/3209

reference_url	https://www.misakikata.com/codes/plone/python-en.html
reference_id
reference_type
scores
url	https://www.misakikata.com/codes/plone/python-en.html

fixed_packages

url pkg:pypi/plone@5.2.3

purl pkg:pypi/plone@5.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29gf-82fr-k3h8

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-z4jt-v88h-77er

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3

aliases CVE-2020-28734, GHSA-wq6x-g685-w5f2, PYSEC-2020-246

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-exan-4j3e-2qeh

url VCID-fdpc-runu-ekah

vulnerability_id VCID-fdpc-runu-ekah

summary Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).

references

reference_url	https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
reference_id
reference_type
scores
url	https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt

reference_url	https://github.com/advisories/GHSA-x7wf-5mjc-6x76
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-x7wf-5mjc-6x76

reference_url	https://github.com/plone/Products.CMFPlone/issues/3209
reference_id
reference_type
scores
url	https://github.com/plone/Products.CMFPlone/issues/3209

reference_url	https://www.misakikata.com/codes/plone/python-en.html
reference_id
reference_type
scores
url	https://www.misakikata.com/codes/plone/python-en.html

fixed_packages

url pkg:pypi/plone@5.2.3

purl pkg:pypi/plone@5.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29gf-82fr-k3h8

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-z4jt-v88h-77er

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.3

aliases CVE-2020-28735, GHSA-x7wf-5mjc-6x76, PYSEC-2020-247

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fdpc-runu-ekah

url VCID-j8fv-uhxw-jkcw

vulnerability_id VCID-j8fv-uhxw-jkcw

summary A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.

references

reference_url	https://plone.org/security/hotfix/20200121
reference_id
reference_type
scores
url	https://plone.org/security/hotfix/20200121

reference_url	https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content
reference_id
reference_type
scores
url	https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content

reference_url	https://www.openwall.com/lists/oss-security/2020/01/22/1
reference_id
reference_type
scores
url	https://www.openwall.com/lists/oss-security/2020/01/22/1

reference_url	http://www.openwall.com/lists/oss-security/2020/01/24/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2020/01/24/1

fixed_packages

url pkg:pypi/plone@5.2.2

purl pkg:pypi/plone@5.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29gf-82fr-k3h8

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-z4jt-v88h-77er

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.2

aliases CVE-2020-7941, PYSEC-2020-90

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j8fv-uhxw-jkcw

url VCID-jvvz-bafs-t7gc

vulnerability_id VCID-jvvz-bafs-t7gc

summary Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.

references

reference_url	https://plone.org/security/hotfix/20160419/bypass-restricted-python
reference_id
reference_type
scores
url	https://plone.org/security/hotfix/20160419/bypass-restricted-python

reference_url	http://www.openwall.com/lists/oss-security/2016/04/20/3
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2016/04/20/3

fixed_packages

url pkg:pypi/plone@5.1a2

purl pkg:pypi/plone@5.1a2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29gf-82fr-k3h8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8wkk-84ky-17ak

vulnerability	VCID-951j-w95x-83g8

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-z4jt-v88h-77er

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1a2

aliases CVE-2016-4043, PYSEC-2017-57

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jvvz-bafs-t7gc

url VCID-p71t-er3d-9fdn

vulnerability_id VCID-p71t-er3d-9fdn

summary Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document.

references

reference_url	https://github.com/advisories/GHSA-hm2h-f456-6j88
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-hm2h-f456-6j88

reference_url	https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html
reference_id
reference_type
scores
url	https://plone.org/security/hotfix/20210518/stored-xss-from-file-upload-svg-html

reference_url	http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2021/05/22/1

fixed_packages

url	pkg:pypi/plone@5.2.5
purl	pkg:pypi/plone@5.2.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5

aliases CVE-2021-33512, GHSA-hm2h-f456-6j88, PYSEC-2021-84

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p71t-er3d-9fdn

url VCID-pzke-4by2-w3hk

vulnerability_id VCID-pzke-4by2-w3hk

summary Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors.

references

reference_url	https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content
reference_id
reference_type
scores
url	https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content

reference_url	http://www.openwall.com/lists/oss-security/2016/04/20/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2016/04/20/2

fixed_packages

url pkg:pypi/plone@5.1a2

purl pkg:pypi/plone@5.1a2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29gf-82fr-k3h8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8wkk-84ky-17ak

vulnerability	VCID-951j-w95x-83g8

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-z4jt-v88h-77er

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1a2

aliases CVE-2016-4042, PYSEC-2017-56

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pzke-4by2-w3hk

url VCID-q7nt-b3s9-9kf6

vulnerability_id VCID-q7nt-b3s9-9kf6

summary Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.

references

reference_url	https://github.com/advisories/GHSA-35rg-466w-77h3
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-35rg-466w-77h3

reference_url	https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots
reference_id
reference_type
scores
url	https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots

reference_url	http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2021/05/22/1

fixed_packages

url	pkg:pypi/plone@5.2.5
purl	pkg:pypi/plone@5.2.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5

aliases CVE-2021-33507, GHSA-35rg-466w-77h3, PYSEC-2021-79

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q7nt-b3s9-9kf6

url VCID-r52t-hx1j-ufa1

vulnerability_id VCID-r52t-hx1j-ufa1

summary Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item.

references

reference_url	https://github.com/advisories/GHSA-rmpv-rcp6-v8wc
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-rmpv-rcp6-v8wc

reference_url	https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname
reference_id
reference_type
scores
url	https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname

reference_url	http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2021/05/22/1

fixed_packages

url	pkg:pypi/plone@5.2.5
purl	pkg:pypi/plone@5.2.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5

aliases CVE-2021-33508, GHSA-rmpv-rcp6-v8wc, PYSEC-2021-80

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r52t-hx1j-ufa1

url VCID-x2xm-hpc2-uubq

vulnerability_id VCID-x2xm-hpc2-uubq

summary Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.

references

reference_url	https://github.com/advisories/GHSA-hm2p-fhwx-9285
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-hm2p-fhwx-9285

reference_url	https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script
reference_id
reference_type
scores
url	https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script

reference_url	http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2021/05/22/1

fixed_packages

url	pkg:pypi/plone@5.2.5
purl	pkg:pypi/plone@5.2.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5

aliases CVE-2021-33509, GHSA-hm2p-fhwx-9285, PYSEC-2021-81

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x2xm-hpc2-uubq

url VCID-z4jt-v88h-77er

vulnerability_id VCID-z4jt-v88h-77er

summary An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet.

references

reference_url	https://github.com/plone/Plone
reference_id
reference_type
scores
url	https://github.com/plone/Plone

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2023-289.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2023-289.yaml

reference_url

https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf

reference_url

https://plone.org/security/hotfix/20210518

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://plone.org/security/hotfix/20210518

reference_url

https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-33926
reference_id	CVE-2021-33926
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-33926

reference_url	https://github.com/advisories/GHSA-47p5-p3jw-w78w
reference_id	GHSA-47p5-p3jw-w78w
reference_type
scores
url	https://github.com/advisories/GHSA-47p5-p3jw-w78w

fixed_packages

url	pkg:pypi/plone@5.2.5
purl	pkg:pypi/plone@5.2.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.2.5

aliases CVE-2021-33926, GHSA-47p5-p3jw-w78w, PYSEC-2023-289

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z4jt-v88h-77er

url VCID-zwnj-revc-vbd6

vulnerability_id VCID-zwnj-revc-vbd6

summary Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors.

references

reference_url	https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav
reference_id
reference_type
scores
url	https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav

reference_url	http://www.openwall.com/lists/oss-security/2016/04/20/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2016/04/20/1

fixed_packages

url pkg:pypi/plone@5.1a2

purl pkg:pypi/plone@5.1a2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29gf-82fr-k3h8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8wkk-84ky-17ak

vulnerability	VCID-951j-w95x-83g8

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-z4jt-v88h-77er

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.1a2

aliases CVE-2016-4041, PYSEC-2017-55

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zwnj-revc-vbd6

Fixing_vulnerabilities

url VCID-h4kd-eh8g-gude

vulnerability_id VCID-h4kd-eh8g-gude

summary Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.

references

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1264788
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1264788

reference_url	https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087
reference_id
reference_type
scores
url	https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087

reference_url	https://plone.org/security/20150910/
reference_id
reference_type
scores
url	https://plone.org/security/20150910/

reference_url	https://plone.org/security/20150910/non-persistent-xss-in-plone
reference_id
reference_type
scores
url	https://plone.org/security/20150910/non-persistent-xss-in-plone

reference_url	https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone
reference_id
reference_type
scores
url	https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone

reference_url	https://pypi.python.org/pypi/Products.PloneHotfix20150910
reference_id
reference_type
scores
url	https://pypi.python.org/pypi/Products.PloneHotfix20150910

reference_url	http://www.openwall.com/lists/oss-security/2015/09/22/14
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/09/22/14

fixed_packages

url pkg:pypi/plone@4.0a1

purl pkg:pypi/plone@4.0a1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-3buw-zes9-ukg4

vulnerability	VCID-3shf-hh9a-rqdw

vulnerability	VCID-4v5e-r5we-tffe

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-9a27-8egg-7uam

vulnerability	VCID-9dr2-mexa-qfbn

vulnerability	VCID-9kgy-2mwu-6yhd

vulnerability	VCID-9u27-bf7b-x7er

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-chqa-wbu7-eyak

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-dxqw-uf6r-vbbh

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eg2r-ez9f-hkak

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-g6ky-pfur-7kfg

vulnerability	VCID-gdtw-2d1s-2bbw

vulnerability	VCID-h8ur-tnzd-afay

vulnerability	VCID-hb93-ea78-8ygv

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-hygx-6n52-u7fz

vulnerability	VCID-jhw6-wxz2-qbgd

vulnerability	VCID-jvwn-yw13-gfe9

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-khsn-43tn-37bx

vulnerability	VCID-krfw-xa2b-vue5

vulnerability	VCID-kz14-79we-xbfe

vulnerability	VCID-mt5t-3gsw-7fde

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-nrxp-p6rx-8kdd

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pb2y-jwn1-wbck

vulnerability	VCID-pgrv-sncf-cqca

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-s84e-bb7w-5qht

vulnerability	VCID-shjb-m9k6-uuf1

vulnerability	VCID-svbc-dj3m-t7av

vulnerability	VCID-tc7w-wttv-vfed

vulnerability	VCID-ud5f-7gx8-83d6

vulnerability	VCID-uqe7-n3uh-zfac

vulnerability	VCID-uykg-p1e9-mfd8

vulnerability	VCID-vr9k-9xch-4yc7

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-x6y6-xx1a-7kfd

vulnerability	VCID-x8n5-qj35-eqb1

vulnerability	VCID-xpq8-npn5-kyb9

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-yhzr-hb68-cfd6

vulnerability	VCID-ykmg-jcfe-8qf4

vulnerability	VCID-yuph-y2fa-3uaa

vulnerability	VCID-zd73-fvwg-nbgx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0a1

url pkg:pypi/plone@4.1a1

purl pkg:pypi/plone@4.1a1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-3buw-zes9-ukg4

vulnerability	VCID-3shf-hh9a-rqdw

vulnerability	VCID-4v5e-r5we-tffe

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-9a27-8egg-7uam

vulnerability	VCID-9dr2-mexa-qfbn

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-9kgy-2mwu-6yhd

vulnerability	VCID-9u27-bf7b-x7er

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-chqa-wbu7-eyak

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-dxqw-uf6r-vbbh

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eg2r-ez9f-hkak

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-g6ky-pfur-7kfg

vulnerability	VCID-gdtw-2d1s-2bbw

vulnerability	VCID-h8ur-tnzd-afay

vulnerability	VCID-hb93-ea78-8ygv

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-hygx-6n52-u7fz

vulnerability	VCID-jvwn-yw13-gfe9

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-khsn-43tn-37bx

vulnerability	VCID-krfw-xa2b-vue5

vulnerability	VCID-kz14-79we-xbfe

vulnerability	VCID-mt5t-3gsw-7fde

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-nrxp-p6rx-8kdd

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pb2y-jwn1-wbck

vulnerability	VCID-pgrv-sncf-cqca

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-s84e-bb7w-5qht

vulnerability	VCID-shjb-m9k6-uuf1

vulnerability	VCID-svbc-dj3m-t7av

vulnerability	VCID-tc7w-wttv-vfed

vulnerability	VCID-ud5f-7gx8-83d6

vulnerability	VCID-uqe7-n3uh-zfac

vulnerability	VCID-uykg-p1e9-mfd8

vulnerability	VCID-vr9k-9xch-4yc7

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-x6y6-xx1a-7kfd

vulnerability	VCID-x8n5-qj35-eqb1

vulnerability	VCID-xpq8-npn5-kyb9

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-yhzr-hb68-cfd6

vulnerability	VCID-ykmg-jcfe-8qf4

vulnerability	VCID-yuph-y2fa-3uaa

vulnerability	VCID-zd73-fvwg-nbgx

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1a1

url pkg:pypi/plone@4.2a1

purl pkg:pypi/plone@4.2a1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-9kgy-2mwu-6yhd

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-b2az-q6wv-eyhw

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-chqa-wbu7-eyak

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-dxqw-uf6r-vbbh

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eg2r-ez9f-hkak

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-g6ky-pfur-7kfg

vulnerability	VCID-gdtw-2d1s-2bbw

vulnerability	VCID-h8ur-tnzd-afay

vulnerability	VCID-hb93-ea78-8ygv

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-khsn-43tn-37bx

vulnerability	VCID-krfw-xa2b-vue5

vulnerability	VCID-kz14-79we-xbfe

vulnerability	VCID-mt5t-3gsw-7fde

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pb2y-jwn1-wbck

vulnerability	VCID-pgrv-sncf-cqca

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-svbc-dj3m-t7av

vulnerability	VCID-tc7w-wttv-vfed

vulnerability	VCID-uykg-p1e9-mfd8

vulnerability	VCID-vr9k-9xch-4yc7

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-x6y6-xx1a-7kfd

vulnerability	VCID-xpq8-npn5-kyb9

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-zd73-fvwg-nbgx

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2a1

url pkg:pypi/plone@4.3a1

purl pkg:pypi/plone@4.3a1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-9kgy-2mwu-6yhd

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-chqa-wbu7-eyak

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-dxqw-uf6r-vbbh

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eg2r-ez9f-hkak

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-g6ky-pfur-7kfg

vulnerability	VCID-gdtw-2d1s-2bbw

vulnerability	VCID-h8ur-tnzd-afay

vulnerability	VCID-hb93-ea78-8ygv

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-khsn-43tn-37bx

vulnerability	VCID-krfw-xa2b-vue5

vulnerability	VCID-kz14-79we-xbfe

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-mt5t-3gsw-7fde

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pb2y-jwn1-wbck

vulnerability	VCID-pgrv-sncf-cqca

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-svbc-dj3m-t7av

vulnerability	VCID-tc7w-wttv-vfed

vulnerability	VCID-uykg-p1e9-mfd8

vulnerability	VCID-vr9k-9xch-4yc7

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-x6y6-xx1a-7kfd

vulnerability	VCID-xpq8-npn5-kyb9

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-zd73-fvwg-nbgx

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3a1

url pkg:pypi/plone@4.3.7

purl pkg:pypi/plone@4.3.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8wkk-84ky-17ak

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-z4jt-v88h-77er

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.7

url pkg:pypi/plone@5.0rc2

purl pkg:pypi/plone@5.0rc2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8wkk-84ky-17ak

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-jvvz-bafs-t7gc

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-z4jt-v88h-77er

vulnerability	VCID-zwnj-revc-vbd6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0rc2

aliases CVE-2015-7316, PYSEC-2017-53

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4kd-eh8g-gude

url VCID-wuas-tkd4-rkd4

vulnerability_id VCID-wuas-tkd4-rkd4

summary Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.

references

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1264791
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1264791

reference_url	https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406
reference_id
reference_type
scores
url	https://github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406

reference_url	https://plone.org/security/20150910
reference_id
reference_type
scores
url	https://plone.org/security/20150910

reference_url	https://plone.org/security/20150910/anonymous-is-able-to-create-plone-members
reference_id
reference_type
scores
url	https://plone.org/security/20150910/anonymous-is-able-to-create-plone-members

reference_url	https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members
reference_id
reference_type
scores
url	https://plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members

reference_url	https://pypi.python.org/pypi/Products.PloneHotfix20150910
reference_id
reference_type
scores
url	https://pypi.python.org/pypi/Products.PloneHotfix20150910

reference_url	http://www.openwall.com/lists/oss-security/2015/09/22/13
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/09/22/13

fixed_packages

url pkg:pypi/plone@4.0a1

purl pkg:pypi/plone@4.0a1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-3buw-zes9-ukg4

vulnerability	VCID-3shf-hh9a-rqdw

vulnerability	VCID-4v5e-r5we-tffe

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-9a27-8egg-7uam

vulnerability	VCID-9dr2-mexa-qfbn

vulnerability	VCID-9kgy-2mwu-6yhd

vulnerability	VCID-9u27-bf7b-x7er

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-chqa-wbu7-eyak

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-dxqw-uf6r-vbbh

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eg2r-ez9f-hkak

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-g6ky-pfur-7kfg

vulnerability	VCID-gdtw-2d1s-2bbw

vulnerability	VCID-h8ur-tnzd-afay

vulnerability	VCID-hb93-ea78-8ygv

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-hygx-6n52-u7fz

vulnerability	VCID-jhw6-wxz2-qbgd

vulnerability	VCID-jvwn-yw13-gfe9

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-khsn-43tn-37bx

vulnerability	VCID-krfw-xa2b-vue5

vulnerability	VCID-kz14-79we-xbfe

vulnerability	VCID-mt5t-3gsw-7fde

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-nrxp-p6rx-8kdd

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pb2y-jwn1-wbck

vulnerability	VCID-pgrv-sncf-cqca

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-s84e-bb7w-5qht

vulnerability	VCID-shjb-m9k6-uuf1

vulnerability	VCID-svbc-dj3m-t7av

vulnerability	VCID-tc7w-wttv-vfed

vulnerability	VCID-ud5f-7gx8-83d6

vulnerability	VCID-uqe7-n3uh-zfac

vulnerability	VCID-uykg-p1e9-mfd8

vulnerability	VCID-vr9k-9xch-4yc7

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-x6y6-xx1a-7kfd

vulnerability	VCID-x8n5-qj35-eqb1

vulnerability	VCID-xpq8-npn5-kyb9

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-yhzr-hb68-cfd6

vulnerability	VCID-ykmg-jcfe-8qf4

vulnerability	VCID-yuph-y2fa-3uaa

vulnerability	VCID-zd73-fvwg-nbgx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.0a1

url pkg:pypi/plone@4.1a1

purl pkg:pypi/plone@4.1a1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-3buw-zes9-ukg4

vulnerability	VCID-3shf-hh9a-rqdw

vulnerability	VCID-4v5e-r5we-tffe

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-9a27-8egg-7uam

vulnerability	VCID-9dr2-mexa-qfbn

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-9kgy-2mwu-6yhd

vulnerability	VCID-9u27-bf7b-x7er

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-chqa-wbu7-eyak

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-dxqw-uf6r-vbbh

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eg2r-ez9f-hkak

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-g6ky-pfur-7kfg

vulnerability	VCID-gdtw-2d1s-2bbw

vulnerability	VCID-h8ur-tnzd-afay

vulnerability	VCID-hb93-ea78-8ygv

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-hygx-6n52-u7fz

vulnerability	VCID-jvwn-yw13-gfe9

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-khsn-43tn-37bx

vulnerability	VCID-krfw-xa2b-vue5

vulnerability	VCID-kz14-79we-xbfe

vulnerability	VCID-mt5t-3gsw-7fde

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-nrxp-p6rx-8kdd

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pb2y-jwn1-wbck

vulnerability	VCID-pgrv-sncf-cqca

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-s84e-bb7w-5qht

vulnerability	VCID-shjb-m9k6-uuf1

vulnerability	VCID-svbc-dj3m-t7av

vulnerability	VCID-tc7w-wttv-vfed

vulnerability	VCID-ud5f-7gx8-83d6

vulnerability	VCID-uqe7-n3uh-zfac

vulnerability	VCID-uykg-p1e9-mfd8

vulnerability	VCID-vr9k-9xch-4yc7

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-x6y6-xx1a-7kfd

vulnerability	VCID-x8n5-qj35-eqb1

vulnerability	VCID-xpq8-npn5-kyb9

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-yhzr-hb68-cfd6

vulnerability	VCID-ykmg-jcfe-8qf4

vulnerability	VCID-yuph-y2fa-3uaa

vulnerability	VCID-zd73-fvwg-nbgx

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.1a1

url pkg:pypi/plone@4.2a1

purl pkg:pypi/plone@4.2a1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-9kgy-2mwu-6yhd

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-b2az-q6wv-eyhw

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-chqa-wbu7-eyak

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-dxqw-uf6r-vbbh

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eg2r-ez9f-hkak

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-g6ky-pfur-7kfg

vulnerability	VCID-gdtw-2d1s-2bbw

vulnerability	VCID-h8ur-tnzd-afay

vulnerability	VCID-hb93-ea78-8ygv

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-khsn-43tn-37bx

vulnerability	VCID-krfw-xa2b-vue5

vulnerability	VCID-kz14-79we-xbfe

vulnerability	VCID-mt5t-3gsw-7fde

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pb2y-jwn1-wbck

vulnerability	VCID-pgrv-sncf-cqca

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-svbc-dj3m-t7av

vulnerability	VCID-tc7w-wttv-vfed

vulnerability	VCID-uykg-p1e9-mfd8

vulnerability	VCID-vr9k-9xch-4yc7

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-x6y6-xx1a-7kfd

vulnerability	VCID-xpq8-npn5-kyb9

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-zd73-fvwg-nbgx

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.2a1

url pkg:pypi/plone@4.3a1

purl pkg:pypi/plone@4.3a1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-2sk4-yc6h-17c4

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-9kgy-2mwu-6yhd

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-chqa-wbu7-eyak

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-dxqw-uf6r-vbbh

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eg2r-ez9f-hkak

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-g2ap-vh6r-yqds

vulnerability	VCID-g6ky-pfur-7kfg

vulnerability	VCID-gdtw-2d1s-2bbw

vulnerability	VCID-h8ur-tnzd-afay

vulnerability	VCID-hb93-ea78-8ygv

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-khhr-m295-23gs

vulnerability	VCID-khsn-43tn-37bx

vulnerability	VCID-krfw-xa2b-vue5

vulnerability	VCID-kz14-79we-xbfe

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-mt5t-3gsw-7fde

vulnerability	VCID-n4nh-4rq4-r7hx

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pb2y-jwn1-wbck

vulnerability	VCID-pgrv-sncf-cqca

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-svbc-dj3m-t7av

vulnerability	VCID-tc7w-wttv-vfed

vulnerability	VCID-uykg-p1e9-mfd8

vulnerability	VCID-vr9k-9xch-4yc7

vulnerability	VCID-w2mv-zekv-8fcv

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-x6y6-xx1a-7kfd

vulnerability	VCID-xpq8-npn5-kyb9

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-zd73-fvwg-nbgx

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3a1

url pkg:pypi/plone@4.3.7

purl pkg:pypi/plone@4.3.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17w2-gd3m-2qff

vulnerability	VCID-5n6e-cha8-nyb8

vulnerability	VCID-5ry7-xy6b-5fag

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-69ps-uetw-y3gf

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8wkk-84ky-17ak

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-ay85-551m-vfej

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-cpwq-sq8b-4yhf

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-dg61-tw4u-dbcc

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-hhux-xufk-ube2

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-mn7t-zgfw-tqfw

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-yfkz-3xu3-vyc9

vulnerability	VCID-z4jt-v88h-77er

vulnerability	VCID-zwnj-revc-vbd6

vulnerability	VCID-zy2g-gzmk-1qcz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@4.3.7

url pkg:pypi/plone@5.0rc2

purl pkg:pypi/plone@5.0rc2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6568-4ert-1bau

vulnerability	VCID-8rp3-p3qe-x7ej

vulnerability	VCID-8wkk-84ky-17ak

vulnerability	VCID-9gu8-dgkr-sua3

vulnerability	VCID-ax8a-2g7j-6ya2

vulnerability	VCID-basq-jjsf-3fbd

vulnerability	VCID-bmwk-nutp-r3fs

vulnerability	VCID-d42u-s7za-a3ad

vulnerability	VCID-edq7-7ncc-mbfx

vulnerability	VCID-eu4z-htaq-c3d6

vulnerability	VCID-exan-4j3e-2qeh

vulnerability	VCID-fdpc-runu-ekah

vulnerability	VCID-j8fv-uhxw-jkcw

vulnerability	VCID-jvvz-bafs-t7gc

vulnerability	VCID-p71t-er3d-9fdn

vulnerability	VCID-pzke-4by2-w3hk

vulnerability	VCID-q7nt-b3s9-9kf6

vulnerability	VCID-r52t-hx1j-ufa1

vulnerability	VCID-x2xm-hpc2-uubq

vulnerability	VCID-z4jt-v88h-77er

vulnerability	VCID-zwnj-revc-vbd6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0rc2

aliases CVE-2015-7315, PYSEC-2017-52

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wuas-tkd4-rkd4

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@5.0rc2

Package Instance