CRITICAL 9.1

GHSA-g5vw-3h65-2q3v

Access control vulnerable to user data deletion by anonymous users

Details

### Impact

Anonymous users can delete the user data maintained by an `AccessControl.userfolder.UserFolder`, which may prevent any privileged access.

### Patches

The problem is fixed in version 7.2.

### Workarounds

The problem can be fixed by adding `data__roles__ = ()` to `AccessControl.userfolder.UserFolder`.

### References

https://github.com/zopefoundation/AccessControl/issues/159


Affected packages

PyPI / accesscontrol
First affected version: 0; fixed version: 7.2
Fix: `pip install --upgrade 'accesscontrol>=7.2'`

PyPI / zope
First affected version: 0; fixed version: 5.11.1
Fix: `pip install --upgrade 'zope>=5.11.1'`
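
An added example (not code from the AccessControl project or from this advisory): a startup check that compares the installed `AccessControl` version with the fixed versions listed above and, when it is older, applies the workaround from the advisory. The function names are hypothetical, and it assumes the patch runs at process startup, before any request is served.

```python
import re
from importlib import metadata

# Fixed versions as listed in this advisory.
FIXED = {"accesscontrol": (7, 2), "zope": (5, 11, 1)}

def parse_version(text):
    """Split '7.2.dev0' into ((7, 2), True): numeric release and pre-release flag."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    release = tuple(int(part) for part in m.group(1).split("."))
    # Conservative: any a/b/rc/dev marker in the suffix counts as a pre-release.
    return release, bool(re.search(r"a|b|rc|dev", m.group(2)))

def is_affected(package, version):
    """True if `version` of `package` is older than the fixed release."""
    fixed = FIXED[package.lower()]
    release, prerelease = parse_version(version)
    width = max(len(release), len(fixed))
    release += (0,) * (width - len(release))
    fixed += (0,) * (width - len(fixed))
    # A pre-release of the fixed version is treated as still affected.
    return release < fixed or (release == fixed and prerelease)

def apply_workaround(user_folder_cls):
    """Set data__roles__ = () on the class; return True if it was changed."""
    missing = object()
    if getattr(user_folder_cls, "data__roles__", missing) == ():
        return False
    user_folder_cls.data__roles__ = ()
    return True

def harden_installed():
    """Return 'not-installed', 'fixed' or 'workaround-applied'."""
    try:
        installed = metadata.version("AccessControl")
    except metadata.PackageNotFoundError:
        return "not-installed"
    if not is_affected("accesscontrol", installed):
        return "fixed"
    # Imported lazily so the version check works without the package present.
    from AccessControl.userfolder import UserFolder
    apply_workaround(UserFolder)
    return "workaround-applied"

if __name__ == "__main__":
    print(harden_installed())
```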

References