10

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2012-5493

GHSA ID

GHSA-25jh-5h5r-h33m

EPSS Score

0.64784%

CWE

CWE-94

Published

5/17/2022

Updated

10/9/2024

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2012-5493

CVE-2012-5493: Plone Sandbox Bypass

gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2012-5493

CVE-2012-5493:

10

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2012-5493

GHSA ID

GHSA-25jh-5h5r-h33m

EPSS Score

0.64784%

CWE

CWE-94

Published

5/17/2022

Updated

10/9/2024

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
plone	pip	< 4.2.3	4.2.3
Plone	pip	>= 4.3a0, < 4.3b1	4.3b1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability explicitly references gtbn.py as the source of the sandbox bypass. While the exact function names aren't disclosed in public advisories, the file's role in Python sandboxing (likely implementing TAL expression evaluation or similar) makes it the logical location for the flaw. The CWE-94 (Code Injection) classification confirms this involves improper control of code generation/execution. The patched versions (4.2.3/4.3b1) and associated hotfix documentation further corroborate that modifications to this file were critical for resolving the issue.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

10

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2012-5493: Plone Sandbox Bypass

CVE-2012-5493:

10

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

Technical Details

10

10

CVE-2012-5493: Plone Sandbox Bypass

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI