CVE-2011-3587: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
References
- plone.org/products/plone-hotfix/releases/20110928
- plone.org/products/plone/security/advisories/20110928
- pypi.python.org/pypi/Products.PloneHotfix20110928/1.0
- bugzilla.redhat.com/show_bug.cgi?id=742297
- github.com/advisories/GHSA-8w48-m6hx-rjw2
- github.com/zopefoundation/Zope/commit/491a583d8c6622b80c75917e5017c4bb4b15e477
- github.com/zopefoundation/Zope/commit/6bb2fb3c04a76b00bec9bd7c069733e06fa6ebe9
- nvd.nist.gov/vuln/detail/CVE-2011-3587
- web.archive.org/web/20111013043934/http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587