Lucene search
Veracode Vulnerability DatabaseVERACODE:31483HistoryAug 04, 2021 - 6:34 a.m.
Remote Code Execution (RCE)
2021-08-0406:34:34
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
remote code execution
zope
accesscontrol
untrusted users
malicious scripts
web-based exploitation
EPSS
0.009
Percentile
82.9%
Zope using the vulnerable versions of AccessControl is vulnerable to remote code execution. Untrusted users with the Zope Manager role are allowed to add/edit and execute the malicious scripts through the web.
References
github.com/zopefoundation/AccessControl/security/advisories/GHSA-qcx9-j53g-ccgf
github.com/zopefoundation/Zope/commit/f72a18dda8e9bf2aedb46168761668464a4be988
github.com/zopefoundation/Zope/security/advisories/GHSA-g4gq-j4p2-j8fr
sca.analysiscenter.veracode.com/vulnerability-database/security/man-middle-mitm-/javascript/sid-31455
Related
prion
prion
Design/Logic Flaw
2021-08-02 22:15:00
openvas
openvas
Zope RCE Vulnerability (GHSA-g4gq-j4p2-j8fr)
2021-08-04 00:00:00
gitlab
gitlab
cve
cve
CVE-2021-32811
2021-08-02 22:15:08
cvelist
cvelist
github
github
Remote Code Execution via Script (Python) objects under Python 3
2021-08-05 17:00:37
ubuntucve
ubuntucve
CVE-2021-32811
2021-08-02 00:00:00
nvd
nvd
CVE-2021-32811
2021-08-02 22:15:08
osv
osv
PYSEC-2021-370
2021-08-02 22:15:00
Remote Code Execution via Script (Python) objects under Python 3
2021-08-05 17:00:37
PYSEC-2021-875
2021-07-30 22:15:00