CVE-2012-5489: Plone and Zope2 vulnerable to unauthorized access to restricted attributes
(updated )
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
References
- bugs.launchpad.net/zope2/+bug/1079238
- github.com/advisories/GHSA-879r-7f3w-8jj3
- github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
- github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-31.yaml
- github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-74.yaml
- nvd.nist.gov/vuln/detail/CVE-2012-5489
- plone.org/products/plone-hotfix/releases/20121106
- plone.org/products/plone/security/advisories/20121106/05
Detect and mitigate CVE-2012-5489 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →