Lucene search
Veracode Vulnerability DatabaseVERACODE:31483HistoryAug 04, 2021 - 6:34 a.m.
Remote Code Execution (RCE)
2021-08-0406:34:34
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.009 Low
EPSS
Percentile
83.0%
Zope using the vulnerable versions of AccessControl is vulnerable to remote code execution. Untrusted users with the Zope Manager role are allowed to add/edit and execute the malicious scripts through the web.
| CPE | Name | Operator | Version |
|---|---|---|---|
| zope | le | 4.6.2 | |
| zope | le | 5.2.1 | |
| accesscontrol | eq | 5.0 | |
| accesscontrol | le | 4.2 | |
| zope | le | 4.6.2 | |
| zope | le | 5.2.1 | |
| accesscontrol | eq | 5.0 | |
| accesscontrol | le | 4.2 |
References
github.com/zopefoundation/AccessControl/security/advisories/GHSA-qcx9-j53g-ccgf
github.com/zopefoundation/Zope/commit/f72a18dda8e9bf2aedb46168761668464a4be988
github.com/zopefoundation/Zope/security/advisories/GHSA-g4gq-j4p2-j8fr
sca.analysiscenter.veracode.com/vulnerability-database/security/man-middle-mitm-/javascript/sid-31455
Related
nvd
nvd
CVE-2021-32811
2021-08-02 22:15:08
cve
cve
CVE-2021-32811
2021-08-02 22:15:08
openvas
openvas
Zope RCE Vulnerability (GHSA-g4gq-j4p2-j8fr)
2021-08-04 00:00:00
gitlab
gitlab
ubuntucve
ubuntucve
CVE-2021-32811
2021-08-02 00:00:00
cvelist
cvelist
github
github
Remote Code Execution via Script (Python) objects under Python 3
2021-08-05 17:00:37
prion
prion
Design/Logic Flaw
2021-08-02 22:15:00
osv
osv
PYSEC-2021-370
2021-08-02 22:15:00
Remote Code Execution via unsafe classes in otherwise permitted modules
2021-08-05 17:01:30
CVE-2021-32811
2021-08-02 22:15:08