products-cmfcore

PyPI2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting products-cmfcorepage 1 of 1

CVE-2021-33507MEDIUMCVSS 6.1EG 6.1✓ Fixed in 2.5.1
2021-05-21
vulnerable: 2.1.1 ... 2.5.0 (42 versions)
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
CVE-2023-36814HIGHCVSS 7.5EG 7.5✓ Fixed in 3.2
2023-07-03
vulnerable: 2.1.1 ... 2.7.1 (51 versions)
Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python's marshal module to handle unchecked input in a public method on `PortalFolder` objects can lead to an unauthenticated denia…

Check whether products-cmfcore is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for products-cmfcore CVEs against the assets you own.

Start Free Scan →