CVE-2013-4195: Plone Multiple open redirect vulnerabilities

May 17, 2022 (updated October 18, 2024)

Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

References

bugzilla.redhat.com/show_bug.cgi?id=978471
github.com/advisories/GHSA-j67j-8hrp-76xm
github.com/plone/Plone
github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-59.yaml
nvd.nist.gov/vuln/detail/CVE-2013-4195

Code Behaviors & Features

Detect and mitigate CVE-2013-4195 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →