Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-x1d9-n4be-1yc3

Summary Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.

Aliases

alias	CVE-2007-5741

alias	GHSA-hf26-vvmx-x8c8

alias	PYSEC-2007-4

Fixed_packages

Affected_packages

url pkg:pypi/plone@2.5

purl pkg:pypi/plone@2.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-311f-xecp-47fm

vulnerability	VCID-fga8-ymex-67fw

vulnerability	VCID-gwqg-tne8-mbbt

vulnerability	VCID-k3e2-5fk3-cbfe

vulnerability	VCID-x1d9-n4be-1yc3

vulnerability	VCID-y2bq-cb4v-mke6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@2.5

url pkg:pypi/plone@2.5.4

purl pkg:pypi/plone@2.5.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-x1d9-n4be-1yc3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@2.5.4

url pkg:pypi/plone@3.0

purl pkg:pypi/plone@3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-x1d9-n4be-1yc3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@3.0

url pkg:pypi/plone@3.0.2

purl pkg:pypi/plone@3.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-x1d9-n4be-1yc3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plone@3.0.2

References

reference_url	http://osvdb.org/42071
reference_id
reference_type
scores
url	http://osvdb.org/42071

reference_url	http://osvdb.org/42072
reference_id
reference_type
scores
url	http://osvdb.org/42072

reference_url

http://plone.org/about/security/advisories/cve-2007-5741

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://plone.org/about/security/advisories/cve-2007-5741

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5741.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5741.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-5741

reference_id

reference_type

scores

value	0.0361
scoring_system	epss
scoring_elements	0.87983
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-5741

reference_url	http://secunia.com/advisories/27530
reference_id
reference_type
scores
url	http://secunia.com/advisories/27530

reference_url	http://secunia.com/advisories/27559
reference_id
reference_type
scores
url	http://secunia.com/advisories/27559

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/38288

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/38288

reference_url

https://github.com/plone/Plone

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/plone/Plone

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2007-4.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2007-4.yaml

reference_url

https://web.archive.org/web/20080517012557/http://www.securityfocus.com/bid/26354

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080517012557/http://www.securityfocus.com/bid/26354

reference_url

https://web.archive.org/web/20080906150436/http://www.securityfocus.com/archive/1/483343/100/0/threaded

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080906150436/http://www.securityfocus.com/archive/1/483343/100/0/threaded

reference_url

http://www.debian.org/security/2007/dsa-1405

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2007/dsa-1405

reference_url	http://www.securityfocus.com/archive/1/483343/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/483343/100/0/threaded

reference_url	http://www.securityfocus.com/bid/26354
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/26354

reference_url	http://www.vupen.com/english/advisories/2007/3754
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2007/3754

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=366901
reference_id	366901
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=366901

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2007-5741

reference_id

CVE-2007-5741

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2007-5741

reference_url

https://web.archive.org/web/20080507055819/https://plone.org/about/security/advisories/cve-2007-5741

reference_id

CVE-2007-5741

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080507055819/https://plone.org/about/security/advisories/cve-2007-5741

reference_url

https://github.com/advisories/GHSA-hf26-vvmx-x8c8

reference_id

GHSA-hf26-vvmx-x8c8

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hf26-vvmx-x8c8

Weaknesses

cwe_id	94
name	Improper Control of Generation of Code ('Code Injection')
description	The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 9.0 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x1d9-n4be-1yc3

Vulnerability Instance