Описание
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:zope:zope:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.2.4:*:*:*:*:*:*:*
EPSS
Процентиль: 61%
0.00409
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
redhat
около 24 лет назад
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
github
больше 3 лет назад
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
EPSS
Процентиль: 61%
0.00409
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other