CVE-2006-4684 – zope2
Package
Manager: pip
Name: zope2
Vulnerable Version: >=2.7.0 <=2.7.9 || >=2.8.0 <2.8.9
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.0071 (percentile: 0.71355)
Details
Zope allows remote attackers to read arbitrary files

The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.
Metadata
Created: 2022-05-01T07:20:57Z
Modified: 2024-11-21T23:19:22Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hm8g-jxjj-gfm3/GHSA-hm8g-jxjj-gfm3.json
CWE IDs: []
Alternative ID: GHSA-hm8g-jxjj-gfm3
Finding: F123
Auto approve: 1