4 matches found
Zope RCE Vulnerability (GHSA-rpcg-f9q6-2mq6)
Zope is prone to a remote code execution RCE vulnerability via a traversal in TAL expressions. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
dsframework (>=0.1.9 <=0.1.12) potentially affected by CVE-2021-32633 +1 more via zope (=5.2.0)
zope PYPI version =5.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on zope and may be impacted: - dsframework =0.1.9, =0.1.12 Source cves: CVE-2021-32633, CVE-2021-32674 Source advisory: OSV:PYSEC-2021-104...
CVE-2021-32674 Remote Code Execution via traversal in TAL expressions
Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL...
CVE-2021-32674
Zope TAL expression traversal vulnerabilities allow untrusted code execution when Zope Page Templates are edited by web users with sufficient permissions. Affected: Zope open-source web application server; root cause: TAL expression evaluation can indirectly access untrusted Python modules. Impac...