Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/zope@2.5.0

Type pypi

Namespace

Name zope

Version 2.5.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.5.1b2

Latest_non_vulnerable_version 5.8.6

Affected_by_vulnerabilities

url VCID-11xm-2sug-5qes

vulnerability_id VCID-11xm-2sug-5qes

summary

Zope Server vulnerable to DoS via header injection
The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.

references

reference_url	https://marc.info/?l=zope-announce&m=101890177815066&w=2
reference_id
reference_type
scores
url	https://marc.info/?l=zope-announce&m=101890177815066&w=2

reference_url	https://marc.info/?l=zope-announce&m=101897461507941&w=2
reference_id
reference_type
scores
url	https://marc.info/?l=zope-announce&m=101897461507941&w=2

reference_url	https://marc.info/?l=zope-announce&m=101897462107967&w=2
reference_id
reference_type
scores
url	https://marc.info/?l=zope-announce&m=101897462107967&w=2

reference_url	https://web.archive.org/web/20020822024423/http://www.iss.net/security_center/static/9621.php
reference_id
reference_type
scores
url	https://web.archive.org/web/20020822024423/http://www.iss.net/security_center/static/9621.php

reference_url	https://web.archive.org/web/20021018100409/http://online.securityfocus.com/bid/5813
reference_id
reference_type
scores
url	https://web.archive.org/web/20021018100409/http://online.securityfocus.com/bid/5813

reference_url	http://www.redhat.com/support/errata/RHSA-2002-060.html
reference_id
reference_type
scores
url	http://www.redhat.com/support/errata/RHSA-2002-060.html

reference_url	http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert
reference_id
reference_type
scores
url	http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2002-0687
reference_id	CVE-2002-0687
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2002-0687

reference_url	https://github.com/advisories/GHSA-vwrc-g9q6-f675
reference_id	GHSA-vwrc-g9q6-f675
reference_type
scores
url	https://github.com/advisories/GHSA-vwrc-g9q6-f675

fixed_packages

url	pkg:pypi/zope@2.5.1b2
purl	pkg:pypi/zope@2.5.1b2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/zope@2.5.1b2

aliases CVE-2002-0687, GHSA-vwrc-g9q6-f675

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-11xm-2sug-5qes

url VCID-68cx-x4us-ryfa

vulnerability_id VCID-68cx-x4us-ryfa

summary

Zope does not properly verify the access for objects with proxy roles
Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.

references

reference_url	http://marc.info/?l=bugtraq&m=101503023511996&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=101503023511996&w=2

reference_url	https://launchpad.net/zope2/+milestone/2.4.4
reference_id
reference_type
scores
url	https://launchpad.net/zope2/+milestone/2.4.4

reference_url	https://launchpad.net/zope2/+milestone/2.5.1
reference_id
reference_type
scores
url	https://launchpad.net/zope2/+milestone/2.5.1

reference_url	https://web.archive.org/web/20021120034302/http://online.securityfocus.com/bid/4229
reference_id
reference_type
scores
url	https://web.archive.org/web/20021120034302/http://online.securityfocus.com/bid/4229

reference_url	https://web.archive.org/web/20070914020022/http://xforce.iss.net/xforce/xfdb/8334
reference_id
reference_type
scores
url	https://web.archive.org/web/20070914020022/http://xforce.iss.net/xforce/xfdb/8334

reference_url	http://www.redhat.com/support/errata/RHSA-2002-060.html
reference_id
reference_type
scores
url	http://www.redhat.com/support/errata/RHSA-2002-060.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2002-0170
reference_id	CVE-2002-0170
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2002-0170

reference_url	https://github.com/advisories/GHSA-c3rp-4cjh-cp38
reference_id	GHSA-c3rp-4cjh-cp38
reference_type
scores
url	https://github.com/advisories/GHSA-c3rp-4cjh-cp38

fixed_packages

url pkg:pypi/zope@2.5.1

purl pkg:pypi/zope@2.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3zsv-kmr1-2fe8

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zope@2.5.1

aliases CVE-2002-0170, GHSA-c3rp-4cjh-cp38

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-68cx-x4us-ryfa

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zope@2.5.0

Package Instance