CVE-2024-51734
- EPSS 0.17%
- Published 04.11.2024 23:15:05
- Last modified 22.01.2025 20:15:30
Zope AccessControl provides a general security framework for use in Zope. In affected versions, anonymous users can delete the user data maintained by an `AccessControl.userfolder.UserFolder`, which may prevent any privileged access. This problem has b...
CVE-2023-41050
- EPSS 0.24%
- Published 06.09.2023 18:15:08
- Last modified 21.11.2024 08:20:27
AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible (recursively) via attribute access and subscription from accessible objects...
CVE-2021-32811
- EPSS 3.93%
- Published 02.08.2021 22:15:08
- Last modified 21.11.2024 06:07:47
Zope is an open-source web application server. Zope versions prior to 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope deployment, run Zope 4 below version 4.6.3 or Zope...
CVE-2021-32807
- EPSS 1.88%
- Published 30.07.2021 22:15:07
- Last modified 21.11.2024 06:07:47
The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of `Script (Python)` objects. The policies...