3 matches found
CVE-2021-32807
CVE-2021-32807 affects Zope’s AccessControl: versions 4 and 5 are vulnerable on Python 3, with RestrictedPython/Script (Python) contexts exposing unsafe access via the string module (Formatter). The issue allows access to other unsafe Python libraries, enabling remote code execution if untrusted ...
CVE-2021-32811
Zope CVE-2021-32811 affects Zope 4.x prior to 4.6.3 and Zope 5.x prior to 5.3 when running Python 3 and with the optional Products.PythonScripts add-on installed. The vulnerability enables remote code execution via Script (Python) objects unless the Zope Manager role is not granted or scripting e...
CVE-2023-41050
CVE-2023-41050 concerns Zope’s AccessControl. The issue arises when Python’s format functionality can cause format strings to access objects recursively via normal getattr/getitem, bypassing restricted variants and leading to information disclosure. Affected are scenarios where untrusted users ca...