CVE-2012-5487
Published 2014-09-30
Priority P347 · high · 8.5 CVSS 2.0
AV:N/AC:M/Au:S/C:C/I:C/A:C
EPSS: 1.70% (74.3th percentile)
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
Affected
68 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| plone | plone | <= 4.2.2 | — |
| plone | plone | — | — |
CVSS provenance
nvd · v2.0 · 8.5 HIGH · AV:N/AC:M/Au:S/C:C/I:C/A:C
vendor_redhat · 8.5 HIGH
GHSA
Plone Sandbox Bypass
ghsa·2022-05-17
CVE-2012-5487 [MEDIUM] CWE-693 Plone Sandbox Bypass
The sandbox whitelisting function (`allowmodule.py`) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
OSV
Plone Sandbox Bypass
osv·2022-05-17
CVE-2012-5487 [MEDIUM] Plone Sandbox Bypass
The sandbox whitelisting function (`allowmodule.py`) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
OSV
CVE-2012-5487: The sandbox whitelisting function (allowmodule
osv·2014-09-30
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
Red Hat
(Plone): Restricted Python sandbox escape
vendor_redhat·2012-11-06·CVSS 8.5
CVE-2012-5487 [HIGH] (Plone): Restricted Python sandbox escape
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
Statement: Not vulnerable. This issue did not affect the versions of luci (as provided by conga) as shipped with Red Hat Enterprise Linux 5.
Package: conga (Red Hat Enterprise Linux 5) - Not affected
No detection rules found.
No public exploits indexed.
http://www.openwall.com/lists/oss-security/2012/11/10/1
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
https://plone.org/products/plone-hotfix/releases/20121106
https://plone.org/products/plone/security/advisories/20121106/03