FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

plone -- unsafe data interpreted as pickles

Affected packages
2.5 <= plone < 2.5.5
3.0 <= plone < 3.0.3

Details

VuXML ID ffba6ab0-90b5-11dc-9835-003048705d5a
Discovery 2007-11-06
Entry 2007-11-12

Plone project reports:

This hotfix corrects a vulnerability in the statusmessages and linkintegrity modules, where unsafe network data was interpreted as python pickles. This allows an attacker to run arbitrary python code within the Zope/Plone process.
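A defensive illustration of this bug class, added here and not taken from the advisory or the Plone hotfix: an unpickler that refuses every global lookup, next to a JSON decoder for the same kind of data. The names `DataOnlyUnpickler`, `loads_data_only`, `is_rejected` and `decode_message`, and the `type`/`text` message shape, are assumptions made for the example.

```python
import io
import json
import pickle


class DataOnlyUnpickler(pickle.Unpickler):
    """Unpickler that rejects any reference to a module-level name.

    Code execution through pickle depends on resolving a callable via
    find_class(); refusing every lookup leaves only plain containers,
    strings, numbers, bytes, booleans and None.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def loads_data_only(blob: bytes):
    """Deserialize a pickle while refusing all global lookups."""
    return DataOnlyUnpickler(io.BytesIO(blob)).load()


def is_rejected(blob: bytes) -> bool:
    """Return True when the data-only unpickler refuses the blob."""
    try:
        loads_data_only(blob)
    except pickle.UnpicklingError:
        return True
    return False


def decode_message(raw):
    """Preferred fix: parse network data with a format that cannot name code."""
    obj = json.loads(raw)
    if not isinstance(obj, dict) or set(obj) != {"type", "text"}:
        raise ValueError("unexpected message shape")
    if not all(isinstance(v, str) for v in obj.values()):
        raise ValueError("message fields must be strings")
    return obj


# Constructed samples: a plain-data pickle, and a benign pickle that merely
# references the builtin len() to show that a global lookup is attempted.
SAFE_BLOB = pickle.dumps({"type": "info", "text": "Changes saved."})
GLOBAL_BLOB = pickle.dumps(len)

if __name__ == "__main__":
    print(loads_data_only(SAFE_BLOB))
    print("global reference rejected:", is_rejected(GLOBAL_BLOB))
    print(decode_message('{"type": "info", "text": "Changes saved."}'))
```

Refusing globals narrows what a pickle can do but still parses attacker-controlled bytes, so replacing pickle with a data-only format for anything received over the network remains the stronger fix.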

References

Bugtraq ID 26354
CVE Name CVE-2007-5741