Low severityNVD Advisory· Published Jul 7, 2006· Updated Jun 16, 2026
CVE-2006-3458
CVE-2006-3458
Description
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Zope2PyPI | >= 2.7.0, < 2.7.8 | 2.7.8 |
Zope2PyPI | >= 2.8.0, < 2.8.7 | 2.8.7 |
Zope2PyPI | >= 2.9.0, < 2.9.3 | 2.9.3 |
Affected products
22cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:*+ 20 more
- cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.9.3:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
16- secunia.com/advisories/20988nvdVendor Advisory
- secunia.com/advisories/21025nvdVendor Advisory
- secunia.com/advisories/21130nvdVendor Advisory
- secunia.com/advisories/21459nvdVendor Advisory
- www.vupen.com/english/advisories/2006/2681nvdVendor Advisory
- github.com/advisories/GHSA-jcjp-qqpq-pc54ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2006-3458ghsaADVISORY
- mail.zope.org/pipermail/zope-announce/2006-July/001984.htmlnvdWEB
- www.debian.org/security/2006/dsa-1113nvdWEB
- www.novell.com/linux/security/advisories/2006_19_sr.htmlnvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/27636nvdWEB
- github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2006-7.yamlghsaWEB
- usn.ubuntu.com/317-1ghsaWEB
- www.securityfocus.com/bid/18856nvd
- www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txtnvd
- usn.ubuntu.com/317-1/nvd
News mentions
0No linked articles in our index yet.