VYPR

Zope

by Foundation

pypi: zope

CVEs (5)

  • CVE-2021-32674 High Jun 8, 2021
    risk 0.50 cvss 8.8 epss 0.02

    Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available…

  • CVE-2021-32811 High Aug 2, 2021
    risk 0.42 cvss 7.5 epss 0.02

    Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope deployment, run Zope 4 below version 4.6.3 or Zope 5 below version 5.3, and…

  • CVE-2021-32633 Med May 21, 2021
    risk 0.37 cvss 6.8 epss 0.02

    Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through…

  • CVE-2023-42458 Low Sep 21, 2023
    risk 0.17 cvss 3.7 epss 0.01

    Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To…

  • CVE-2023-44389 Low Oct 4, 2023
    risk 0.13 cvss 3.1 epss 0.00

    Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches…