CVE-2012-5487

The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.

Affected Software

Name	Vendor	Start Version	End Version
Plone	Plone	*	4.2.2 (including)
Plone	Plone	1.0 (including)	1.0 (including)
Plone	Plone	1.0.1 (including)	1.0.1 (including)
Plone	Plone	1.0.2 (including)	1.0.2 (including)
Plone	Plone	1.0.3 (including)	1.0.3 (including)
Plone	Plone	1.0.4 (including)	1.0.4 (including)
Plone	Plone	1.0.5 (including)	1.0.5 (including)
Plone	Plone	1.0.6 (including)	1.0.6 (including)
Plone	Plone	2.0 (including)	2.0 (including)
Plone	Plone	2.0.1 (including)	2.0.1 (including)
Plone	Plone	2.0.2 (including)	2.0.2 (including)
Plone	Plone	2.0.3 (including)	2.0.3 (including)
Plone	Plone	2.0.4 (including)	2.0.4 (including)
Plone	Plone	2.0.5 (including)	2.0.5 (including)
Plone	Plone	2.1 (including)	2.1 (including)
Plone	Plone	2.1.1 (including)	2.1.1 (including)
Plone	Plone	2.1.2 (including)	2.1.2 (including)
Plone	Plone	2.1.3 (including)	2.1.3 (including)
Plone	Plone	2.1.4 (including)	2.1.4 (including)
Plone	Plone	2.5 (including)	2.5 (including)
Plone	Plone	2.5.1 (including)	2.5.1 (including)
Plone	Plone	2.5.2 (including)	2.5.2 (including)
Plone	Plone	2.5.3 (including)	2.5.3 (including)
Plone	Plone	2.5.4 (including)	2.5.4 (including)
Plone	Plone	2.5.5 (including)	2.5.5 (including)
Plone	Plone	3.0 (including)	3.0 (including)
Plone	Plone	3.0.1 (including)	3.0.1 (including)
Plone	Plone	3.0.2 (including)	3.0.2 (including)
Plone	Plone	3.0.3 (including)	3.0.3 (including)
Plone	Plone	3.0.4 (including)	3.0.4 (including)
Plone	Plone	3.0.5 (including)	3.0.5 (including)
Plone	Plone	3.0.6 (including)	3.0.6 (including)
Plone	Plone	3.1 (including)	3.1 (including)
Plone	Plone	3.1.1 (including)	3.1.1 (including)
Plone	Plone	3.1.2 (including)	3.1.2 (including)
Plone	Plone	3.1.3 (including)	3.1.3 (including)
Plone	Plone	3.1.4 (including)	3.1.4 (including)
Plone	Plone	3.1.5.1 (including)	3.1.5.1 (including)
Plone	Plone	3.1.6 (including)	3.1.6 (including)
Plone	Plone	3.1.7 (including)	3.1.7 (including)
Plone	Plone	3.2 (including)	3.2 (including)
Plone	Plone	3.2.1 (including)	3.2.1 (including)
Plone	Plone	3.2.2 (including)	3.2.2 (including)
Plone	Plone	3.2.3 (including)	3.2.3 (including)
Plone	Plone	3.3 (including)	3.3 (including)
Plone	Plone	3.3.1 (including)	3.3.1 (including)
Plone	Plone	3.3.2 (including)	3.3.2 (including)
Plone	Plone	3.3.3 (including)	3.3.3 (including)
Plone	Plone	3.3.4 (including)	3.3.4 (including)
Plone	Plone	3.3.5 (including)	3.3.5 (including)
Plone	Plone	4.0 (including)	4.0 (including)
Plone	Plone	4.0.1 (including)	4.0.1 (including)
Plone	Plone	4.0.2 (including)	4.0.2 (including)
Plone	Plone	4.0.3 (including)	4.0.3 (including)
Plone	Plone	4.0.4 (including)	4.0.4 (including)
Plone	Plone	4.0.5 (including)	4.0.5 (including)
Plone	Plone	4.0.6.1 (including)	4.0.6.1 (including)
Plone	Plone	4.1 (including)	4.1 (including)
Plone	Plone	4.1.4 (including)	4.1.4 (including)
Plone	Plone	4.1.5 (including)	4.1.5 (including)
Plone	Plone	4.1.6 (including)	4.1.6 (including)
Plone	Plone	4.2 (including)	4.2 (including)
Plone	Plone	4.2-a1 (including)	4.2-a1 (including)
Plone	Plone	4.2-a2 (including)	4.2-a2 (including)
Plone	Plone	4.2-b1 (including)	4.2-b1 (including)
Plone	Plone	4.2-b2 (including)	4.2-b2 (including)
Plone	Plone	4.2-rc1 (including)	4.2-rc1 (including)
Plone	Plone	4.2-rc2 (including)	4.2-rc2 (including)
Plone	Plone	4.2.0.1 (including)	4.2.0.1 (including)
Plone	Plone	4.2.1 (including)	4.2.1 (including)
Plone	Plone	4.2.1.1 (including)	4.2.1.1 (including)
Plone	Plone	4.3 (including)	4.3 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-5487
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References