Low severityNVD Advisory· Published Jul 7, 2006· Updated Apr 16, 2026
CVE-2006-3458
CVE-2006-3458
Description
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Zope2PyPI | >= 2.7.0, < 2.7.8 | 2.7.8 |
Zope2PyPI | >= 2.8.0, < 2.8.7 | 2.8.7 |
Zope2PyPI | >= 2.9.0, < 2.9.3 | 2.9.3 |
Affected products
21cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:*+ 20 more
- cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.9.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
16- secunia.com/advisories/20988nvdVendor Advisory
- secunia.com/advisories/21025nvdVendor Advisory
- secunia.com/advisories/21130nvdVendor Advisory
- secunia.com/advisories/21459nvdVendor Advisory
- www.vupen.com/english/advisories/2006/2681nvdVendor Advisory
- github.com/advisories/GHSA-jcjp-qqpq-pc54ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2006-3458ghsaADVISORY
- mail.zope.org/pipermail/zope-announce/2006-July/001984.htmlnvdWEB
- www.debian.org/security/2006/dsa-1113nvdWEB
- www.novell.com/linux/security/advisories/2006_19_sr.htmlnvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/27636nvdWEB
- github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2006-7.yamlghsaWEB
- usn.ubuntu.com/317-1ghsaWEB
- www.securityfocus.com/bid/18856nvd
- www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txtnvd
- usn.ubuntu.com/317-1/nvd
News mentions
0No linked articles in our index yet.