Medium severity4.9NVD Advisory· Published Feb 24, 2017· Updated May 13, 2026
CVE-2016-4043
CVE-2016-4043
Description
Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
PlonePyPI | >= 5.0rc1, <= 5.0.4 | — |
Affected products
9cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:5.1a1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- www.openwall.com/lists/oss-security/2016/04/20/3nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-6h8x-73fx-q2h9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-4043ghsaADVISORY
- plone.org/security/hotfix/20160419/bypass-restricted-pythonnvdVendor AdvisoryWEB
- github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-57.yamlghsaWEB
News mentions
0No linked articles in our index yet.