CVE-2006-4684: Zope allows remote attackers to read arbitrary files

May 1, 2022 (updated November 21, 2024)

The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.

References

github.com/advisories/GHSA-hm8g-jxjj-gfm3
github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2006-8.yaml
github.com/zopefoundation/Zope
nvd.nist.gov/vuln/detail/CVE-2006-4684

Detect and mitigate CVE-2006-4684 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →