Plone Unauthorized Access Vulnerability
Moderate severity
GitHub Reviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Sep 1, 2023
Description
Published by the National Vulnerability Database
Jan 3, 2018
Published to the GitHub Advisory Database
May 13, 2022
Reviewed
Jul 26, 2023
Last updated
Sep 1, 2023
Accessing private content via
str.format
in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5.References