EPSS
Percentile
28.4%
AccessControl is vulnerable to sandbox escapes. Attackers can use the str.format function through web templates to access private content. Note: this is only relevant for projects using Python 2.6 or greater.
str.format
github.com/zopefoundation/Zope/issues/227
plone.org/security/hotfix/20171128
plone.org/security/hotfix/20171128/sandbox-escape