ZCatalog plug-in index support capability for Zope 2.4.0 up to and including 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zope zope 2.5.1 |
||
zope zope 2.4.0 |