VYPR
Critical severityNVD Advisory· Published Nov 7, 2007· Updated Jun 16, 2026

CVE-2007-5741

CVE-2007-5741

Description

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
PlonePyPI
>= 2.5, < 2.5.52.5.5
PlonePyPI
>= 3.0, < 3.0.33.0.3

Affected products

9
  • cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:2.5.1_rc:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:2.5_beta1:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 2.5, < 2.5.5

Patches

Vulnerability mechanics

References

16

News mentions

0

No linked articles in our index yet.