Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS03OTQ0LWg1cnctcW1qeM1jgQ

ZCatalog plug-in for Zope allows anonymous users to bypass access restrictions

ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.

Permalink: https://github.com/advisories/GHSA-7944-h5rw-qmjx
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03OTQ0LWg1cnctcW1qeM1jgQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 2 months ago


Identifiers: GHSA-7944-h5rw-qmjx, CVE-2002-0688
References:
Blast Radius: 0.0

Affected Packages

pypi:zope
Dependent packages: 11
Dependent repositories: 113
Downloads: 49,750 last month
Affected Version Ranges: >= 2.4.0, <= 2.5.1
Fixed in: 2.6.0
All affected versions:
All unaffected versions: 4.1.1, 4.1.2, 4.1.3, 4.2.1, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5, 4.6.1, 4.6.2, 4.6.3, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.8.5, 4.8.6, 4.8.7, 4.8.8, 4.8.9, 4.8.10, 4.8.11, 5.1.1, 5.1.2, 5.2.1, 5.5.1, 5.5.2, 5.7.1, 5.7.2, 5.7.3, 5.8.1, 5.8.2, 5.8.3, 5.8.4, 5.8.5, 5.8.6