CVE-2002-0688

ZCatalog plug-in for Zope allows anonymous users to bypass access restrictions in pypi/zope

Identifiers

GHSA-7944-h5rw-qmjx, CVE-2002-0688

Package Slug

pypi/zope

Vulnerability

ZCatalog plug-in for Zope allows anonymous users to bypass access restrictions

Description

ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.

Affected Versions

All versions starting from 2.4.0 up to 2.5.1

Solution

Upgrade to version 2.6.0 or above.

Last Modified

2024-02-13

source