HIGH

GHSA-c3rp-4cjh-cp38

Zope does not properly verify the access for objects with proxy roles

상세

Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / zope

최초 영향 버전: 2.2.0 수정 버전: 2.4.4

수정 pip install --upgrade 'zope>=2.4.4'

PyPI / zope

최초 영향 버전: 2.5.0 수정 버전: 2.5.1

수정 pip install --upgrade 'zope>=2.5.1'

참고

https://nvd.nist.gov/vuln/detail/CVE-2002-0170 [ADVISORY]
https://github.com/zopefoundation/Zope [PACKAGE]
https://launchpad.net/zope2/+milestone/2.4.4 [WEB]
https://launchpad.net/zope2/+milestone/2.5.1 [WEB]
https://web.archive.org/web/20021120034302/http://online.securityfocus.com/bid/4229 [WEB]
https://web.archive.org/web/20070914020022/http://xforce.iss.net/xforce/xfdb/8334 [WEB]
http://marc.info/?l=bugtraq&m=101503023511996&w=2 [WEB]
http://www.redhat.com/support/errata/RHSA-2002-060.html [WEB]