—

PYSEC-2014-29

Details

The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / plone

Introduced in: 0 Fixed in: 4.2.3

Fix pip install --upgrade 'plone>=4.2.3'

References

https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt [WEB]
https://plone.org/products/plone-hotfix/releases/20121106 [WEB]
https://plone.org/products/plone/security/advisories/20121106/03 [ADVISORY]
http://www.openwall.com/lists/oss-security/2012/11/10/1 [WEB]