Digital Creations Zope 2.3.1 b1 and previous versions allow a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.
This advisory covers several vulnerabilities in Zope that have been addressed
Hotfix 08_09_2000 "Zope security alert and hotfix product"
The issue involves the fact that the getRoles method of user objects
contained in the default UserFolder implementation returns a mutable
Python type. Because the mutable object is still associated ...
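
The getRoles pattern described above, shown as an added example that is not Zope's own code: a getter that returns its internal list hands the caller an alias of the stored roles, while one that returns a tuple hands back an immutable snapshot. The classes `LeakyUser` and `HardenedUser`, the helper `roles_can_be_altered`, and the sample role names are hypothetical, chosen for illustration; only the method name `getRoles` comes from the advisory.

```python
# Added illustration: toy classes, not Zope's actual UserFolder implementation.

class LeakyUser:
    """Returns the internal roles list itself (the pattern the advisory describes)."""

    def __init__(self, name, roles):
        self.name = name
        self._roles = list(roles)

    def getRoles(self):
        return self._roles            # caller receives an alias of internal state


class HardenedUser(LeakyUser):
    """Returns an immutable snapshot, so callers cannot alter the stored roles."""

    def getRoles(self):
        return tuple(self._roles)     # new immutable object on every call


def roles_can_be_altered(user, extra_role="Manager"):
    """Regression check: mutate whatever getRoles() returns and report
    whether the user's stored roles changed as a result."""
    before = list(user.getRoles())
    returned = user.getRoles()
    try:
        returned.append(extra_role)   # only succeeds on a mutable sequence
    except AttributeError:
        pass                          # tuples have no append()
    return list(user.getRoles()) != before


if __name__ == "__main__":
    for cls in (LeakyUser, HardenedUser):
        user = cls("alice", ["Authenticated"])   # constructed sample user
        altered = roles_can_be_altered(user)
        print(f"{cls.__name__}: alterable={altered}, roles={list(user.getRoles())}")
```

A check like `roles_can_be_altered` can sit in a test suite for any accessor that exposes security-relevant state, so that a later change back to returning the raw list is caught.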