CVE-2023-44389

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-44389

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44389.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-44389

Aliases

Related

GHSA-m755-gxxg-r5qh

Published

2023-10-04T21:15:10Z

Modified

2025-01-15T04:59:04.128081Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6.

References

Affected packages

Git / github.com/zopefoundation/zope

Affected ranges

Type: GIT
Repo: https://github.com/zopefoundation/zope
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

21dfa78609ffd8b6bd8143805678ebbacae5141a

Fixed

21dfa78609ffd8b6bd8143805678ebbacae5141a

Fixed

aeaf2cdc80dff60815e3706af448f086ddc3b98d

Fixed

aeaf2cdc80dff60815e3706af448f086ddc3b98d

Affected versions

2.*

2.12.27

2.12.28

2.13.20

2.13.21

2.13.22

4.*

4.0

4.0a1

4.0a2

4.0a3

4.0a4

4.0a5

4.0a6

4.0b1

4.0b10

4.0b2

4.0b3

4.0b4

4.0b5

4.0b6

4.0b7

4.0b8

4.0b9

4.1

4.1.1

4.1.2

4.1.3

4.2

4.2.1

4.3

4.4

4.4.1

4.4.2

4.4.3

4.4.4

4.5

4.5.1

4.5.2

4.5.3

4.5.4

4.5.5

4.6

4.6.1

4.6.2

4.6.3

4.7

4.8

4.8.1

4.8.2

4.8.3

4.8.4

4.8.5

4.8.6

4.8.7

4.8.8

4.8.9

5.*

5.0

5.0a1

5.0a2

5.1

5.1.1

5.1.2

5.2

5.2.1

5.3

5.4

5.5

5.5.1

5.5.2

5.6

5.7

5.7.1

5.7.2

5.7.3

5.8

5.8.1

5.8.2

5.8.3

5.8.4

5.8.5

backups/Zope-2.*

backups/Zope-2.9@40221

Other

backups/Zope-2_9-branch@40220

backups/ajung-2-11-prep-branch@82440

backups/ajung-zcatalog-progress@26609

backups/ajung-zpt-encoding-fixes@71736

backups/ajung-zpt-end-game@68335

backups/andig-catalog-report@115049

backups/gotcha-processlifetime@113938

backups/hannosch-dtml-vs-accesscontrol@113161

backups/jim-move-Zope@29064

backups/philikon-zope32-integration@39849

backups/rochael-TM_sortKey@113726

backups/slinkp-collector_596@40067

backups/shh-2.*

backups/shh-2.11-zopelitelayer@80865

backups/tim-2.*

backups/tim-2.9-windows-installer@41463