5 matches found
dsframework (>=0.1.9 <=0.1.12) potentially affected by CVE-2021-32807 +1 more via zope (=5.2.0)
zope PYPI version =5.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on zope and may be impacted: - dsframework =0.1.9, =0.1.12 Source cves: CVE-2021-32807, CVE-2021-32811 Source advisory: OSV:GHSA-G4GQ-J4P2-J8FR...
dsframework (>=0.1.9 <=0.1.12) potentially affected by CVE-2021-32807 +1 more via zope (=5.2.0)
zope PYPI version =5.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on zope and may be impacted: - dsframework =0.1.9, =0.1.12 Source cves: CVE-2021-32807, CVE-2021-32811 Source advisory: OSV:PYSEC-2021-368...
CVE-2021-32807
creationtimestamp| type| source ---|---|--- 2021-07-31 02:25:06+00:00| seen| https://t.me/cibsecurity/26641...
CVE-2021-32807 Remote Code Execution via unsafe classes in otherwise permitted modules
The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...
CVE-2021-32807
CVE-2021-32807 affects Zope’s AccessControl: versions 4 and 5 are vulnerable on Python 3, with RestrictedPython/Script (Python) contexts exposing unsafe access via the string module (Formatter). The issue allows access to other unsafe Python libraries, enabling remote code execution if untrusted ...