An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NPlone Docker Official Image
APPPlone5.2.13
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEContainer
Related vulnerabilities
CVE-2024-23054CRITICAL9.8PL ✓ten sam produkt
RCE w Plone Docker Official Image — brakujący pakiet npm (dependency confusion)
CVE-2021-33509CRITICAL9.9ten sam vendor
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to ...
CVE-2020-35190CRITICAL9.8ten sam vendor
The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password fo...
CVE-2020-7941CRITICAL9.8ten sam vendor
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwri...
CVE-2024-22889HIGH7.5ten sam vendor
Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted o...