—

PYSEC-2014-65

Details

Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / plone

Introduced in: 3.3 Fixed in: 4.3.3

Fix pip install --upgrade 'plone>=4.3.3'

References

https://plone.org/security/20131210/path-leak [WEB]
http://www.openwall.com/lists/oss-security/2013/12/10/15 [WEB]
http://www.openwall.com/lists/oss-security/2013/12/12/3 [WEB]