| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| plone | pip | >= 2.1, <= 4.1 | 4.1.1 |
| plone | pip | >= 4.2, < 4.2.6 | 4.2.6 |
| plone | pip | >= 4.3, < 4.3.2 | 4.3.2 |
The vulnerability centers on improper enforcement of the 'immutable' setting in content edit forms. The advisory identifies typeswidget.py as the vulnerable component. In Plone's architecture, TypesWidget handles field rendering in content forms, and its render method would be responsible for applying immutability restrictions. The attack vector (crafted URL manipulation) suggests that the function trusts unvalidated request parameters when determining field visibility, bypassing the immutability checks. The references do not state the exact function name, but the file path and the widget's behavior in Plone strongly indicate the render method, which owns the field display logic, as the vulnerable component.
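The class of defect described above, a form renderer that lets a request parameter decide which fields are editable, is illustrated below with an added example. This is not Plone's code or its TypesWidget: the `Field` schema, the hypothetical `show_immutable` parameter, and the three functions are constructed for illustration. The vulnerable variant lets the request widen the set of editable fields; the hardened variant derives editability from the server-side schema only and also re-checks on submit, so a tampered form cannot write to an immutable field.

```python
"""Illustrative example (not Plone's code): deciding which content fields
are editable.  The vulnerable variant trusts a request parameter; the
hardened variant consults the server-side schema alone."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Field:
    name: str
    immutable: bool = False


# Constructed schema: 'id' must not change once the object exists.
SCHEMA = (Field("id", immutable=True), Field("title"), Field("description"))


def editable_fields_vulnerable(schema, request):
    """Vulnerable pattern: a hypothetical request parameter
    (?show_immutable=1) overrides the schema's immutable flag, so a crafted
    URL exposes a field the schema says must stay read-only."""
    force = request.get("show_immutable") == "1"
    return [f.name for f in schema if force or not f.immutable]


def editable_fields_hardened(schema, request):
    """Hardened pattern: editability comes solely from the schema; nothing
    in the request can widen it (the request is accepted only so the
    signature matches the vulnerable variant)."""
    return [f.name for f in schema if not f.immutable]


def apply_edit(schema, request, form_data, obj):
    """Server-side enforcement on submit: write only schema-editable fields
    and report every rejected name, so immutability holds even when the
    rendered form was tampered with to include an immutable field."""
    allowed = set(editable_fields_hardened(schema, request))
    rejected = []
    for name, value in form_data.items():
        if name in allowed:
            obj[name] = value
        else:
            rejected.append(name)
    return rejected


if __name__ == "__main__":
    crafted = {"show_immutable": "1"}  # constructed tampered request
    print("vulnerable:", editable_fields_vulnerable(SCHEMA, crafted))
    print("hardened:  ", editable_fields_hardened(SCHEMA, crafted))
    doc = {"id": "doc-1", "title": "old"}
    print("rejected:  ", apply_edit(SCHEMA, crafted, {"id": "x", "title": "new"}, doc))
    print("object:    ", doc)
```

The point for reviewers is the second half: fixing the render path alone is not enough, because the form is client-controlled; the submit handler must re-derive the allowed set from the schema and log or reject anything outside it. A spike of rejected names for a single field is also a usable detection signal.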