GHSA-7whr-j8vf-r4wj

Source
https://github.com/advisories/GHSA-7whr-j8vf-r4wj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-7whr-j8vf-r4wj/GHSA-7whr-j8vf-r4wj.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-7whr-j8vf-r4wj
Aliases
  • CVE-2000-1212
Published
2022-04-30T18:15:07Z
Modified
2023-11-01T04:42:32.280304Z
Summary
Zope allows attackers to modify raw image and file data
Details

Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.

Database specific
{
    "nvd_published_at": "2000-12-18T05:00:00Z",
    "cwe_ids": [
        "CWE-284"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-18T22:26:34Z"
}
References

Affected packages

PyPI / zope

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.2.0
Last affected
2.2.4