Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1obThnLWp4amotZ2ZtM82MNw
Zope allows remote attackers to read arbitrary files
The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.
Permalink: https://github.com/advisories/GHSA-hm8g-jxjj-gfm3JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1obThnLWp4amotZ2ZtM82MNw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 1 day ago
Identifiers: GHSA-hm8g-jxjj-gfm3, CVE-2006-4684
References:
- https://nvd.nist.gov/vuln/detail/CVE-2006-4684
- http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html
- http://www.debian.org/security/2006/dsa-1176
- http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt
- https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2006-8.yaml
- https://github.com/advisories/GHSA-hm8g-jxjj-gfm3
Affected Packages
pypi:zope2
Dependent packages: 9Dependent repositories: 4
Downloads: 8,956 last month
Affected Version Ranges: >= 2.8.0, < 2.8.9, >= 2.7.0, <= 2.7.9
Fixed in: 2.8.9,
All affected versions:
All unaffected versions: 2.12.0, 2.12.1, 2.12.2, 2.12.3, 2.12.4, 2.12.5, 2.12.6, 2.12.7, 2.12.8, 2.12.9, 2.12.10, 2.12.11, 2.12.12, 2.12.13, 2.12.14, 2.12.15, 2.12.16, 2.12.17, 2.12.18, 2.12.19, 2.12.20, 2.12.21, 2.12.22, 2.12.23, 2.12.24, 2.12.25, 2.12.26, 2.12.27, 2.12.28, 2.13.0, 2.13.1, 2.13.2, 2.13.3, 2.13.4, 2.13.5, 2.13.6, 2.13.7, 2.13.8, 2.13.9, 2.13.10, 2.13.11, 2.13.12, 2.13.13, 2.13.14, 2.13.15, 2.13.16, 2.13.17, 2.13.18, 2.13.19, 2.13.20, 2.13.21, 2.13.22, 2.13.23, 2.13.24, 2.13.25, 2.13.26, 2.13.27, 2.13.28, 2.13.29, 2.13.30