gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.
Max CVSS
8.5
EPSS Score
0.33%
Published
2014-09-30
Updated
2014-10-01
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
Max CVSS
8.5
EPSS Score
0.26%
Published
2014-09-30
Updated
2014-10-01
2 vulnerabilities found