CVEs related to bugs in Zope 2
Open bugs
There are no CVEs related to bugs open in Zope 2.
Resolved bugs
Bug | CVE(s) |
---|---|
Bug #143894: Missing @postonly in AccessControl.Owned | CVE-2007-0240 |
Zope 2 | Fix released (unassigned) |
Bug #143896: Take Ownership button fails | CVE-2007-0240 |
Zope 2 | Fix released (unassigned) |
Bug #627988: Anonymous can crash Zope2.10 and 2.11 | CVE-2010-3198 |
Zope 2 | Fix released, assigned to Tres Seaver |
Bug #848807: Anonymous arbitrary shell execution possible via URL | CVE-2011-3587 |
Zope 2 | Fix released, assigned to Tres Seaver |
Bug #930812: ZPublisher.HTTPRequest._scrubHeader allows linefeed injection | CVE-2012-5486 |
Zope 2 | Fix released (unassigned) |
Bug #1071067: Improper use of random module | CVE-2012-5507 CVE-2012-5508 |
Zope 2 | Fix released (unassigned) |
Bug #1079238: App.Undo.UndoSupport.get_request_var_or_attr exposes attributes | CVE-2012-5489 |
Zope 2 | Fix released (unassigned) |