CRITICAL 9.1
PYSEC-2026-2076
Access control vulnerable to user data deletion by anonynmous users
상세
### Impact Anonymous users can delete the user data maintained by an `AccessControl.userfolder.UserFolder` which may prevent any privileged access.
### Patches The problem is fixed in version 7.2.
### Workarounds The problem can be fixed by adding `data__roles__ = ()` to `AccessControl.userfolder.UserFolder`.
### References https://github.com/zopefoundation/AccessControl/issues/159
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-g5vw-3h65-2q3v [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2024-51734 [ADVISORY]
- https://github.com/zopefoundation/AccessControl/issues/159 [WEB]
- https://github.com/zopefoundation/AccessControl [PACKAGE]
- https://pypi.org/project/zope [PACKAGE]
- https://github.com/advisories/GHSA-g5vw-3h65-2q3v [ADVISORY]