CVE-2012-5489

NameCVE-2012-5489
DescriptionThe App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs692899

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
zope2.12source(unstable)(unfixed)692899

Notes

[wheezy] - zope2.12 <no-dsa> (Minor issue)
https://plone.org/products/plone/security/advisories/20121106/05

Search for package or bug name: Reporting problems