GHSA-jcjp-qqpq-pc54
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jcjp-qqpq-pc54
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jcjp-qqpq-pc54/GHSA-jcjp-qqpq-pc54.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-jcjp-qqpq-pc54
- Aliases
-
- CVE-2006-3458
- Published
- 2022-05-01T07:09:18Z
- Modified
- 2024-11-22T04:59:46.825660Z
- Summary
- Zope allows local users to read arbitrary files
- Details
-
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
- Database specific
{ "nvd_published_at": "2006-07-07T23:05:00Z", "cwe_ids": [], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2024-11-21T22:13:08Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2006-3458
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27636
- https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2006-7.yaml
- https://github.com/zopefoundation/Zope
- https://usn.ubuntu.com/317-1
- http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html
- http://www.debian.org/security/2006/dsa-1113
- http://www.novell.com/linux/security/advisories/2006_19_sr.html
Affected packages
PyPI / zope2
Package
- Name
- zope2
- View open source insights on deps.dev
- Purl
- pkg:pypi/zope2
PyPI / zope2
Package
- Name
- zope2
- View open source insights on deps.dev
- Purl
- pkg:pypi/zope2
PyPI / zope2
Package
- Name
- zope2
- View open source insights on deps.dev
- Purl
- pkg:pypi/zope2