mailing list archives
CVE Request -- Zope/Plone -- Unspecified vulnerability in Zope v2.12.x and Zope v2.13.x allowing arbitrary code execution
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Thu, 29 Sep 2011 17:59:38 +0200
Hello Josh, Steve, vendors,
Plone upstream has published a pre-announcement about a security
flaw, present in Zope v2.12.x and Zope v2.13.x, which could allow
execution of arbitrary code by anonymous users. An authenticated
attacker could provide a specially-crafted web page, which once
visited by an unsuspecting Zope user would lead to arbitrary commands
execution with the privileges of the Zope/Plone service.
Note: The vendor announced the final version of the advisory and
the patch to be available at 2011-10-04 15:00 UTC at the
Could you allocate a CVE id for this?
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team
- CVE Request -- Zope/Plone -- Unspecified vulnerability in Zope v2.12.x and Zope v2.13.x allowing arbitrary code execution Jan Lieskovsky (Sep 29)