{"id":"PYSEC-2017-57","details":"Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.","aliases":["CVE-2016-4043","GHSA-6h8x-73fx-q2h9"],"modified":"2023-11-08T03:58:28.305688Z","published":"2017-02-24T20:59:00Z","references":[{"type":"WEB","url":"https://plone.org/security/hotfix/20160419/bypass-restricted-python"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/04/20/3"}],"affected":[{"package":{"name":"plone","ecosystem":"PyPI","purl":"pkg:pypi/plone"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.0rc1"},{"fixed":"5.1a2"}]}],"versions":["5.0","5.0.1","5.0.10","5.0.2","5.0.3","5.0.4","5.0.5","5.0.6","5.0.7","5.0.8","5.0.9","5.0rc1","5.0rc2","5.0rc3","5.1a1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2017-57.yaml"}}],"schema_version":"1.7.3"}