CVE-2017-5524: Sandbox escape via str.format
Plone allows remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.
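
The class of issue described above, as an added example (not Plone's code or its patch): field names in `str.format` perform attribute lookups on their arguments with no sandbox check, and a `string.Formatter` subclass can enforce an allowlist instead. `Page`, `Settings`, `PolicyFormatter`, the render helpers and all values are constructed for this illustration.

```python
import string


class Settings:
    def __init__(self):
        self.secret = "constructed-secret-value"  # constructed sample data


class Page:
    def __init__(self):
        self.title = "Front page"
        self.settings = Settings()


class PolicyFormatter(string.Formatter):
    """Formatter that only follows attributes listed per type (hypothetical policy)."""

    def __init__(self, allowed):
        super().__init__()
        self.allowed = allowed  # mapping: type -> set of attribute names

    def get_field(self, field_name, args, kwargs):
        # Called for every replacement field, including ones nested in format specs.
        if "[" in field_name:
            raise ValueError("index lookups are not allowed in templates")
        first, *attrs = field_name.split(".")
        key = int(first) if first.isdigit() else first
        obj = self.get_value(key, args, kwargs)
        for name in attrs:
            if name not in self.allowed.get(type(obj), ()):
                raise ValueError(
                    f"attribute {name!r} not allowed on {type(obj).__name__}")
            obj = getattr(obj, name)
        return obj, key


PAGE = Page()
POLICY = {Page: {"title"}}


def render_unsafe(template, page):
    # Untrusted template + plain str.format: any reachable attribute is readable.
    return template.format(page=page)


def render_checked(template, page):
    # Same template, but every attribute step is checked against POLICY.
    return PolicyFormatter(POLICY).format(template, page=page)
```
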