—

PYSEC-2014-35

Details

gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / plone

Introduced in: 0 Fixed in: 4.2.3

Fix pip install --upgrade 'plone>=4.2.3'

References

https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt [WEB]
https://plone.org/products/plone/security/advisories/20121106/09 [ADVISORY]
http://www.openwall.com/lists/oss-security/2012/11/10/1 [WEB]
https://plone.org/products/plone-hotfix/releases/20121106 [WEB]