Moderate severityNVD Advisory· Published Dec 18, 2000· Updated Apr 16, 2026
CVE-2000-1212
CVE-2000-1212
Description
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
zopePyPI | >= 2.2.0, <= 2.2.4 | — |
Affected products
12cpe:2.3:a:zope:zope:2.2.0:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:zope:zope:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.2.0a1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.2.0b1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.2.0b2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.2.0b3:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.2.0b4:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.2.1b1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.2.4:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alertnvdPatchVendor AdvisoryWEB
- github.com/advisories/GHSA-7whr-j8vf-r4wjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2000-1212ghsaADVISORY
- www.debian.org/security/2001/dsa-007nvdWEB
- www.redhat.com/support/errata/RHSA-2000-135.htmlnvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/5778nvdWEB
- web.archive.org/web/20020117134418/http://distro.conectiva.com.br/atualizacoes/ghsaWEB
- distro.conectiva.com.br/atualizacoes/nvd
- frontal2.mandriva.com/security/advisoriesnvd
- www.osvdb.org/6283nvd
News mentions
0No linked articles in our index yet.