Moderate severityNVD Advisory· Published Sep 19, 2006· Updated Jun 16, 2026
CVE-2006-4684
CVE-2006-4684
Description
The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
zope2PyPI | >= 2.7.0, <= 2.7.9 | — |
zope2PyPI | >= 2.8.0, < 2.8.9 | 2.8.9 |
Affected products
20cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:*+ 18 more
- cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.8:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
10- secunia.com/advisories/21947nvdPatchVendor Advisory
- secunia.com/advisories/21953nvdPatchVendor Advisory
- www.debian.org/security/2006/dsa-1176nvdPatchVendor AdvisoryWEB
- www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txtnvdPatchWEB
- github.com/advisories/GHSA-hm8g-jxjj-gfm3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2006-4684ghsaADVISORY
- mail.zope.org/pipermail/zope-announce/2006-August/002005.htmlnvdWEB
- github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2006-8.yamlghsaWEB
- www.securityfocus.com/bid/20022nvd
- www.vupen.com/english/advisories/2006/3653nvd
News mentions
0No linked articles in our index yet.