4 matches found
CVE-2021-32633
Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites...
dsframework (>=0.1.9 <=0.1.12) potentially affected by CVE-2021-32633 +1 more via zope (=5.2.0)
zope PYPI version =5.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on zope and may be impacted: - dsframework =0.1.9, =0.1.12 Source cves: CVE-2021-32633, CVE-2021-32674 Source advisory: OSV:PYSEC-2021-104...
CVE-2021-32633 Remote Code Execution via traversal in TAL expressions
Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites...
CVE-2021-32633
CVE-2021-32633 affects Zope prior to versions 4.6 and 5.2, where untrusted modules can indirectly access Python modules available for direct use, enabling unauthenticated or low-privileged users who can edit Zope Page Templates to exploit web-exposed templates. The issue arises from how Zope hand...