CVE-2002-0170

Zope does not properly verify the access for objects with proxy roles in pypi/zope

Identifiers

GHSA-c3rp-4cjh-cp38, CVE-2002-0170

Package Slug

pypi/zope

Vulnerability

Zope does not properly verify the access for objects with proxy roles

Description

Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.

Affected Versions

All versions starting from 2.2.0 before 2.4.4, all versions starting from 2.5.0 before 2.5.1

Solution

Upgrade to versions 2.4.4, 2.5.1 or above.

Last Modified

2024-02-13

source