GHSA-rpcg-f9q6-2mq6: Remote Code Execution via traversal in TAL expressions
This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities.
References
- github.com/advisories/GHSA-rpcg-f9q6-2mq6
- github.com/pypa/advisory-database/tree/main/vulns/zope/PYSEC-2021-104.yaml
- github.com/zopefoundation/Zope
- github.com/zopefoundation/Zope/commit/1d897910139e2c0b11984fc9b78c1da1365bec21
- github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36
- github.com/zopefoundation/Zope/security/advisories/GHSA-rpcg-f9q6-2mq6
- nvd.nist.gov/vuln/detail/CVE-2021-32674
- pypi.org/project/Zope