Safety vulnerability ID: 35259
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
Latest version: 5.10
Zope application server / web framework
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
MLIST:[Zope-announce] 20060706 Serious security problem with Zope 2: http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html
CONFIRM:http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt: http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt
DEBIAN:DSA-1113: http://www.debian.org/security/2006/dsa-1113
SUSE:SUSE-SR:2006:019: http://www.novell.com/linux/security/advisories/2006_19_sr.html
UBUNTU:USN-317-1: http://www.ubuntulinux.org/support/documentation/usn/usn-317-1
BID:18856: http://www.securityfocus.com/bid/18856
VUPEN:ADV-2006-2681: http://www.vupen.com/english/advisories/2006/2681
SECUNIA:20988: http://secunia.com/advisories/20988
SECUNIA:21025: http://secunia.com/advisories/21025
SECUNIA:21130: http://secunia.com/advisories/21130
SECUNIA:21459: http://secunia.com/advisories/21459
XF:zope-docutils-information-disclosure(27636): https://exchange.xforce.ibmcloud.com/vulnerabilities/27636
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application