Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zope zope 2.7.4 |
||
zope zope 2.7.5 |
||
zope zope 2.8.3 |
||
zope zope 2.7.0 |
||
zope zope 2.7.1 |
||
zope zope 2.7.8 |
||
zope zope 2.8.0 |
||
zope zope 2.9.0 |
||
zope zope 2.9.1 |
||
zope zope 2.7.6 |
||
zope zope 2.7.7 |
||
zope zope 2.8.5 |
||
zope zope 2.8.6 |
||
zope zope 2.8.7 |
||
zope zope 2.8.4 |
||
zope zope 2.7.2 |
||
zope zope 2.7.3 |
||
zope zope 2.8.1 |
||
zope zope 2.8.2 |
||
zope zope 2.9.2 |
||
zope zope 2.9.3 |