Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:18 p.m.6 views

CVE-2021-32633

Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites...

8.8CVSS6.5AI score0.01843EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2021/06/08 6:15 p.m.4 views

dsframework (>=0.1.9 <=0.1.12) potentially affected by CVE-2021-32633 +1 more via zope (=5.2.0)

zope PYPI version =5.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on zope and may be impacted: - dsframework =0.1.9, =0.1.12 Source cves: CVE-2021-32633, CVE-2021-32674 Source advisory: OSV:PYSEC-2021-104...

8.8CVSS7.2AI score0.01843EPSS
Exploits1
Cvelist
Cvelist
added 2021/05/21 1:55 p.m.74 views

CVE-2021-32633 Remote Code Execution via traversal in TAL expressions

Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites...

6.8CVSS8.8AI score0.01843EPSS
Exploits1References5
CVE
CVE
added 2021/05/21 1:55 p.m.93 views

CVE-2021-32633

CVE-2021-32633 affects Zope prior to versions 4.6 and 5.2, where untrusted modules can indirectly access Python modules available for direct use, enabling unauthenticated or low-privileged users who can edit Zope Page Templates to exploit web-exposed templates. The issue arises from how Zope hand...

8.8CVSS7.4AI score0.01843EPSS
Exploits1References5Affected Software2
Rows per page
Query Builder