CVE-2017-1000483 | Vulnerability Database | Aqua Security

Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5.

Affected Software

Name	Vendor	Start Version	End Version
Plone	Plone	2.5.5 (including)	2.5.5 (including)
Plone	Plone	3.3 (including)	3.3 (including)
Plone	Plone	3.3.1 (including)	3.3.1 (including)
Plone	Plone	3.3.2 (including)	3.3.2 (including)
Plone	Plone	3.3.3 (including)	3.3.3 (including)
Plone	Plone	3.3.4 (including)	3.3.4 (including)
Plone	Plone	3.3.5 (including)	3.3.5 (including)
Plone	Plone	3.3.6 (including)	3.3.6 (including)
Plone	Plone	4.0 (including)	4.0 (including)
Plone	Plone	4.0.1 (including)	4.0.1 (including)
Plone	Plone	4.0.2 (including)	4.0.2 (including)
Plone	Plone	4.0.3 (including)	4.0.3 (including)
Plone	Plone	4.0.4 (including)	4.0.4 (including)
Plone	Plone	4.0.5 (including)	4.0.5 (including)
Plone	Plone	4.0.7 (including)	4.0.7 (including)
Plone	Plone	4.0.8 (including)	4.0.8 (including)
Plone	Plone	4.0.9 (including)	4.0.9 (including)
Plone	Plone	4.0.10 (including)	4.0.10 (including)
Plone	Plone	4.1 (including)	4.1 (including)
Plone	Plone	4.1.1 (including)	4.1.1 (including)
Plone	Plone	4.1.2 (including)	4.1.2 (including)
Plone	Plone	4.1.3 (including)	4.1.3 (including)
Plone	Plone	4.1.4 (including)	4.1.4 (including)
Plone	Plone	4.1.5 (including)	4.1.5 (including)
Plone	Plone	4.1.6 (including)	4.1.6 (including)
Plone	Plone	4.2 (including)	4.2 (including)
Plone	Plone	4.2.1 (including)	4.2.1 (including)
Plone	Plone	4.2.2 (including)	4.2.2 (including)
Plone	Plone	4.2.3 (including)	4.2.3 (including)
Plone	Plone	4.2.4 (including)	4.2.4 (including)
Plone	Plone	4.2.5 (including)	4.2.5 (including)
Plone	Plone	4.2.6 (including)	4.2.6 (including)
Plone	Plone	4.2.7 (including)	4.2.7 (including)
Plone	Plone	4.3 (including)	4.3 (including)
Plone	Plone	4.3.1 (including)	4.3.1 (including)
Plone	Plone	4.3.2 (including)	4.3.2 (including)
Plone	Plone	4.3.3 (including)	4.3.3 (including)
Plone	Plone	4.3.4 (including)	4.3.4 (including)
Plone	Plone	4.3.5 (including)	4.3.5 (including)
Plone	Plone	4.3.6 (including)	4.3.6 (including)
Plone	Plone	4.3.7 (including)	4.3.7 (including)
Plone	Plone	4.3.8 (including)	4.3.8 (including)
Plone	Plone	4.3.9 (including)	4.3.9 (including)
Plone	Plone	4.3.10 (including)	4.3.10 (including)
Plone	Plone	4.3.11 (including)	4.3.11 (including)
Plone	Plone	4.3.12 (including)	4.3.12 (including)
Plone	Plone	4.3.14 (including)	4.3.14 (including)
Plone	Plone	4.3.15 (including)	4.3.15 (including)
Plone	Plone	5.0 (including)	5.0 (including)
Plone	Plone	5.0-rc1 (including)	5.0-rc1 (including)
Plone	Plone	5.0-rc2 (including)	5.0-rc2 (including)
Plone	Plone	5.0-rc3 (including)	5.0-rc3 (including)
Plone	Plone	5.0.1 (including)	5.0.1 (including)
Plone	Plone	5.0.2 (including)	5.0.2 (including)
Plone	Plone	5.0.3 (including)	5.0.3 (including)
Plone	Plone	5.0.4 (including)	5.0.4 (including)
Plone	Plone	5.0.5 (including)	5.0.5 (including)
Plone	Plone	5.0.6 (including)	5.0.6 (including)
Plone	Plone	5.0.7 (including)	5.0.7 (including)
Plone	Plone	5.0.8 (including)	5.0.8 (including)
Plone	Plone	5.0.9 (including)	5.0.9 (including)
Plone	Plone	5.1 (including)	5.1 (including)
Plone	Plone	5.1-a1 (including)	5.1-a1 (including)
Plone	Plone	5.1-a2 (including)	5.1-a2 (including)
Plone	Plone	5.1-b2 (including)	5.1-b2 (including)
Plone	Plone	5.1-b3 (including)	5.1-b3 (including)
Plone	Plone	5.1-b4 (including)	5.1-b4 (including)
Plone	Plone	5.1-rc1 (including)	5.1-rc1 (including)

References

https://plone.org/security/hotfix/20171128/sandbox-escape

NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-1000483
CWE	https://cwe.mitre.org/data/definitions/.html