App.Undo.UndoSupport.get_request_var_or_attr exposes attributes
Bug #1079238 reported by Tres Seaver
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Zope 2 | Fix Released | Undecided | Unassigned | | |
Bug Description
Historical bug: prior to r123753 (2.12 branch) and forward-ports, the
'get_request_
could be abused to gain access to protected attributes of the context.
Fix released 2011-12-12 with 2.12.21 and 2.13.11