返回 CVE 瀏覽器

CVE-2021-33509

CRITICAL

9.9

CVSS Severity Score

EPSS Score0.1860%

EPSS Percentile42.46th

Published2021年5月21日

Last Modified2024年11月21日

Vulnerability Description

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.

Affected Platforms (CPE)

📦

Plone

Plone

<= 5.2.4

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2021/05/22/1

🔗 https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script

🔗 http://www.openwall.com/lists/oss-security/2021/05/22/1

🔗 https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script

相關漏洞威脅

CVE-2008-139310.0

Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for...

CVE-2020-351909.8

The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. Syste...

CVE-2020-79419.8

A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content wit...

CVE-2011-35879.3

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remo...