HIGH
GHSA-h2xh-jvpf-xq42
Zope does not properly perform security registration for legacy names
Details
Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / zope
Introduced in:
2.2.0 No fixed version published yet for zope (pip). Pin to a known-safe version or switch to an alternative.
References
- https://nvd.nist.gov/vuln/detail/CVE-2000-1211 [ADVISORY]
- https://web.archive.org/web/20010910131909/http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-083.php3 [WEB]
- https://web.archive.org/web/20021227061438/http://www.iss.net/security_center/static/5824.php [WEB]
- http://www.redhat.com/support/errata/RHSA-2000-125.html [WEB]
- http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert [WEB]