Lucene search

GitHub Advisory DatabaseGHSA-7WHR-J8VF-R4WJ

HistoryApr 30, 2022 - 6:15 p.m.

Zope allows attackers to modify raw image and file data

2022-04-3018:15:07

CWE-284

GitHub Advisory Database

github.com

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

68.1%

JSON

Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.

Affected configurations

Vulners

Node

github_advisory_databasezopeRange≤2.2.4

CPENameOperatorVersion
zopele2.2.4

CPE	Name	Operator	Version
	zope	le	2.2.4

References

www.debian.org/security/2001/dsa-007

www.redhat.com/support/errata/RHSA-2000-135.html

www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert

exchange.xforce.ibmcloud.com/vulnerabilities/5778

github.com/advisories/GHSA-7whr-j8vf-r4wj

nvd.nist.gov/vuln/detail/CVE-2000-1212

web.archive.org/web/20020117134418/distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

68.1%

JSON

Related for GHSA-7WHR-J8VF-R4WJ