CVE-2006-3458 – zope2
Package
Manager: pip
Name: zope2
Vulnerable Version: >=2.7.0 <2.7.8 || >=2.8.0 <2.8.7 || >=2.9.0 <2.9.3
Severity
Level: Low
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00103 (percentile 0.28852)
Details
Zope allows local users to read arbitrary files

Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
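
The mitigation this description points to, as an added example that is not Zope's or the advisory's own code: rendering untrusted reStructuredText through docutils with the "raw" directive switched off. It assumes the docutils package is installed; the sample input and the names HARDENED, LENIENT, render and raw_passes_through are constructed for illustration.

```python
# Added example, not Zope's code. Assumes the docutils package is installed.
from docutils.core import publish_parts

# docutils settings for rendering text written by untrusted authors.
HARDENED = {
    "raw_enabled": False,             # refuse the "raw" directive entirely
    "file_insertion_enabled": False,  # refuse directives/options that pull in files
    "report_level": 5,                # keep system messages out of the rendered page
}

# Same reporting behaviour, but "raw" left at its default (enabled).
LENIENT = {"report_level": 5}

# Constructed sample input: a "raw" directive carrying inline content only.
SAMPLE = """\
Title
=====

Paragraph text.

.. raw:: html

   <b>RAW-MARKER</b>
"""


def render(source, overrides):
    """Render reStructuredText to an HTML body fragment with the given settings."""
    parts = publish_parts(source, writer_name="html", settings_overrides=overrides)
    return parts["body"]


def raw_passes_through(overrides):
    """True if the raw directive's content reaches the output unescaped."""
    return "<b>RAW-MARKER</b>" in render(SAMPLE, overrides)


if __name__ == "__main__":
    print("raw enabled (default):", raw_passes_through(LENIENT))
    print("hardened settings:    ", raw_passes_through(HARDENED))
```

The same check works as a regression test for any application that exposes reStructuredText to untrusted users: pass the application's own settings dictionary to raw_passes_through and require a False result.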
Metadata
Created: 2022-05-01T07:09:18Z
Modified: 2024-11-21T22:13:08Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jcjp-qqpq-pc54/GHSA-jcjp-qqpq-pc54.json
CWE IDs: []
Alternative ID: GHSA-jcjp-qqpq-pc54
Finding: F123
Auto approve: 1