High severity · NVD Advisory · Published Oct 10, 2011 · Updated Jun 16, 2026
CVE-2011-4030
Description
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Plone (PyPI) | >= 4.0, < 4.0.10 | 4.0.10 |
| Plone (PyPI) | >= 4.1, < 4.1.1 | 4.1.1 |
| Plone (PyPI) | >= 4.2a1, < 4.2a3 | 4.2a3 |
Affected products
- cpe:2.3:a:plone:cmfeditions:2.0a1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b4:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b6:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b7:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b8:*:*:*:*:*:*:*
- cpe:2.3:a:plone:cmfeditions:2.0b9:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2a1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2a2:*:*:*:*:*:*:*
References
- plone.org/products/plone-hotfix/releases/20110928 (nvd, Patch, WEB)
- plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip (nvd, Patch, WEB)
- pypi.python.org/pypi/Products.PloneHotfix20110928/1.0 (nvd, Patch, WEB)
- github.com/advisories/GHSA-pwgm-jvqv-6v8p (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2011-4030 (ghsa, ADVISORY)
- github.com/pypa/advisory-database/tree/main/vulns/products-plonehotfix20110928/PYSEC-2011-27.yaml (ghsa, WEB)
- secunia.com/advisories/46323 (nvd)
- www.securityfocus.com/bid/50287 (nvd)