Description
Zope allows local users to read arbitrary files
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
References
- https://nvd.nist.gov/vuln/detail/CVE-2006-3458
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27636
- https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2006-7.yaml
- https://usn.ubuntu.com/317-1
- http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html
- http://www.debian.org/security/2006/dsa-1113
- http://www.novell.com/linux/security/advisories/2006_19_sr.html
Packages
- Zope2 | >= 2.7.0, < 2.7.8 | 2.7.8
- Zope2 | >= 2.8.0, < 2.8.7 | 2.8.7
- Zope2 | >= 2.9.0, < 2.9.3 | 2.9.3