Lucene search
+L

4 matches found

OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.19 views

Zope RCE Vulnerability (GHSA-rpcg-f9q6-2mq6)

Zope is prone to a remote code execution RCE vulnerability via a traversal in TAL expressions. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

8.8CVSS9AI score0.01574EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2021/06/08 6:15 p.m.4 views

dsframework (>=0.1.9 <=0.1.12) potentially affected by CVE-2021-32633 +1 more via zope (=5.2.0)

zope PYPI version =5.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on zope and may be impacted: - dsframework =0.1.9, =0.1.12 Source cves: CVE-2021-32633, CVE-2021-32674 Source advisory: OSV:PYSEC-2021-104...

8.8CVSS7.2AI score0.01843EPSS
Exploits1
Cvelist
Cvelist
added 2021/06/08 5:45 p.m.75 views

CVE-2021-32674 Remote Code Execution via traversal in TAL expressions

Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL...

8.8CVSS8.9AI score0.01574EPSS
Exploits0References4
CVE
CVE
added 2021/06/08 5:45 p.m.99 views

CVE-2021-32674

Zope TAL expression traversal vulnerabilities allow untrusted code execution when Zope Page Templates are edited by web users with sufficient permissions. Affected: Zope open-source web application server; root cause: TAL expression evaluation can indirectly access untrusted Python modules. Impac...

8.8CVSS8.6AI score0.01574EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder