zope2
PyPI | 11 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting zope2
- CVE-2006-3458 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 2.9.3 | 2006-07-07
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbit…
- CVE-2006-4684 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 2.8.9 | 2006-09-19
The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a diff…
- CVE-2009-5145 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.12.5 | 2017-08-07
vulnerable: 2.12.0 ... 2.12.4 (14 versions)
Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12.
- CVE-2010-1104 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 2.12.3 | 2010-03-25
vulnerable: 2.12.0, 2.12.1, 2.12.2
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors rel…
- CVE-2011-2528 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 2.13.8 | 2011-07-19
vulnerable: 2.13.0 ... 2.13.7 (8 versions)
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related t…
- CVE-2011-3587 | NONE | CVSS 0.0 | EG 9.0 | ✓ Fixed in 2.13.10 | 2011-10-10
vulnerable: 2.13.0 ... 2.13.9 (10 versions)
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of…
- CVE-2011-4924 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.13.12 | 2019-11-25
vulnerable: 2.13.0 ... 2.13.9 (18 versions)
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script o…
- CVE-2012-5486 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 2.13.19 | 2014-09-30
vulnerable: 2.12.0 ... 2.13.9 (63 versions)
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.
- CVE-2012-5489 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 2.13.11 | 2014-09-30
vulnerable: 2.12.0 ... 2.13.9 (41 versions)
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via …
- CVE-2012-5507 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 2.13.19 | 2014-09-30
vulnerable: 2.12.0 ... 2.13.9 (63 versions)
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.
- CVE-2012-6661 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 2.13.19 | 2014-11-03
vulnerable: 2.12.0 ... 2.13.9 (63 versions)
Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue w…