GHSA-h2xh-jvpf-xq42

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-h2xh-jvpf-xq42/GHSA-h2xh-jvpf-xq42.json

Aliases

CVE-2000-1211

Published

2022-04-30T18:15:07Z

Modified

2023-09-18T22:28:05Z

Details

Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.

References

https://nvd.nist.gov/vuln/detail/CVE-2000-1211
https://web.archive.org/web/20010910131909/http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-083.php3
https://web.archive.org/web/20021227061438/http://www.iss.net/security_center/static/5824.php
http://www.redhat.com/support/errata/RHSA-2000-125.html
http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert

Affected packages

PyPI / zope

Source Details

Package Name: zope

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2.0

Last affected

2.2.4

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}