CVE-2000-1211 – zope

Package

Manager: pip
Name: zope
Vulnerable Version: >=2.2.0 <=2.2.4

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00602 pctl0.68559

Details

Zope does not properly perform security registration for legacy names Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.

Metadata

Created: 2022-04-30T18:15:07Z
Modified: 2023-09-18T22:28:05Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-h2xh-jvpf-xq42/GHSA-h2xh-jvpf-xq42.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-h2xh-jvpf-xq42
Finding: F039
Auto approve: 1