Plone Sandbox Escape
Moderate severity
GitHub Reviewed
Published
Jul 12, 2018
to the GitHub Advisory Database
•
Updated Sep 1, 2023
Package
Affected versions
>= 4.0, < 4.3.12
>= 5.0rc1, < 5.0.7
>= 5.1a1, <= 5.1a2
Patched versions
4.3.12
5.0.7
5.1b1
Description
Published to the GitHub Advisory Database
Jul 12, 2018
Reviewed
Jun 16, 2020
Last updated
Sep 1, 2023
Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.
References