CVE-2007-5741: Plone Arbitrary Code Execution via Unsafe Handling of Pickles
(updated )
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/38288
- github.com/advisories/GHSA-hf26-vvmx-x8c8
- github.com/plone/Plone
- github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2007-4.yaml
- nvd.nist.gov/vuln/detail/CVE-2007-5741
- web.archive.org/web/20080507055819/https://plone.org/about/security/advisories/cve-2007-5741
- web.archive.org/web/20080517012557/http://www.securityfocus.com/bid/26354
- web.archive.org/web/20080906150436/http://www.securityfocus.com/archive/1/483343/100/0/threaded
Code Behaviors & Features
Detect and mitigate CVE-2007-5741 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →