—

PYSEC-2017-57

Details

Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / plone

Introduced in: 5.0rc1 Fixed in: 5.1a2

Fix pip install --upgrade 'plone>=5.1a2'

References

https://plone.org/security/hotfix/20160419/bypass-restricted-python [WEB]
http://www.openwall.com/lists/oss-security/2016/04/20/3 [WEB]