CVE-2013-4192: Plone is vulnerable to email spoofing

May 17, 2022 (updated October 15, 2024)

sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors.

References

bugzilla.redhat.com/show_bug.cgi?id=978464
github.com/advisories/GHSA-f5h9-3hpf-9j8m
github.com/plone/Plone
github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-56.yaml
nvd.nist.gov/vuln/detail/CVE-2013-4192

Code Behaviors & Features

Detect and mitigate CVE-2013-4192 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →