First published: Fri Jul 07 2006(Updated: )
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zope Zope | =2.8.0 | |
Zope Zope | =2.7.0 | |
Zope Zope | =2.9.2 | |
Zope Zope | =2.7.6 | |
Zope Zope | =2.7.5 | |
Zope Zope | =2.9.1 | |
Zope Zope | =2.7.3 | |
Zope Zope | =2.9.0 | |
Zope Zope | =2.8.5 | |
Zope Zope | =2.8.2 | |
Zope Zope | =2.8.6 | |
Zope Zope | =2.7.4 | |
Zope Zope | =2.8.3 | |
Zope Zope | =2.7.1 | |
Zope Zope | =2.7.2 | |
Zope Zope | =2.9.3 | |
Zope Zope | =2.8.1 | |
Zope Zope | =2.8.4 | |
Zope Zope | =2.7.8 | |
Zope Zope | =2.7.7 | |
Zope Zope | =2.8.7 | |
pip/Zope2 | >=2.9.0<2.9.3 | 2.9.3 |
pip/Zope2 | >=2.8.0<2.8.7 | 2.8.7 |
pip/Zope2 | >=2.7.0<2.7.8 | 2.7.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.