MEDIUM 4.8

PYSEC-2023-193

Details

Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / zope

Introduced in: 0 Fixed in: aeaf2cdc80dff60815e3706af448f086ddc3b98d

Fix pip install --upgrade 'zope>=aeaf2cdc80dff60815e3706af448f086ddc3b98d'

References

https://github.com/zopefoundation/Zope/security/advisories/GHSA-m755-gxxg-r5qh [ADVISORY]
https://github.com/zopefoundation/Zope/commit/aeaf2cdc80dff60815e3706af448f086ddc3b98d [FIX]
https://github.com/zopefoundation/Zope/commit/21dfa78609ffd8b6bd8143805678ebbacae5141a [FIX]