Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/zope2@2.13.5

Type pypi

Namespace

Name zope2

Version 2.13.5

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.13.19

Latest_non_vulnerable_version 2.13.19

Affected_by_vulnerabilities

url VCID-2vmc-exnd-qua6

vulnerability_id VCID-2vmc-exnd-qua6

summary Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.

references

reference_url	http://plone.org/products/plone-hotfix/releases/20110622
reference_id
reference_type
scores
url	http://plone.org/products/plone-hotfix/releases/20110622

reference_url	http://plone.org/products/plone/security/advisories/20110622
reference_id
reference_type
scores
url	http://plone.org/products/plone/security/advisories/20110622

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2528

reference_id

reference_type

scores

value	0.00593
scoring_system	epss
scoring_elements	0.69584
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2528

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=718824

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=718824

reference_url	http://secunia.com/advisories/45056
reference_id
reference_type
scores
url	http://secunia.com/advisories/45056

reference_url	http://secunia.com/advisories/45111
reference_id
reference_type
scores
url	http://secunia.com/advisories/45111

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-25.yaml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-25.yaml

reference_url

https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html

reference_url

https://plone.org/products/plone-hotfix/releases/20110622

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://plone.org/products/plone-hotfix/releases/20110622

reference_url

https://plone.org/products/plone/security/advisories/20110622

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://plone.org/products/plone/security/advisories/20110622

reference_url

https://www.openwall.com/lists/oss-security/2011/07/04/6

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2011/07/04/6

reference_url

https://www.openwall.com/lists/oss-security/2011/07/12/9

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2011/07/12/9

reference_url	http://www.openwall.com/lists/oss-security/2011/07/04/6
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2011/07/04/6

reference_url	http://www.openwall.com/lists/oss-security/2011/07/12/9
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2011/07/12/9

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-2528

reference_id

CVE-2011-2528

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-2528

reference_url

https://github.com/advisories/GHSA-p6h9-hpcg-c6gm

reference_id

GHSA-p6h9-hpcg-c6gm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p6h9-hpcg-c6gm

fixed_packages

url pkg:pypi/zope2@2.13.8

purl pkg:pypi/zope2@2.13.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4ym2-39bg-dbga

vulnerability	VCID-pncb-4m8u-hbaw

vulnerability	VCID-scgs-bz44-ebfk

vulnerability	VCID-vc1v-xsbc-kff1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.13.8

aliases CVE-2011-2528, GHSA-p6h9-hpcg-c6gm, PYSEC-2011-25, PYSEC-2011-32

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2vmc-exnd-qua6

url VCID-4ym2-39bg-dbga

vulnerability_id VCID-4ym2-39bg-dbga

summary ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1194.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1194.html

reference_url

https://access.redhat.com/errata/RHSA-2014:1194

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2014:1194

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-5486

reference_id

reference_type

scores

value	0.00821
scoring_system	epss
scoring_elements	0.74709
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-5486

reference_url

https://bugs.launchpad.net/zope2/+bug/930812

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/zope2/+bug/930812

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=878939

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=878939

reference_url

https://github.com/advisories/GHSA-77hv-8796-8ccp

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-77hv-8796-8ccp

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-28.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-28.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-73.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-73.yaml

reference_url

https://plone.org/products/plone-hotfix/releases/20121106

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://plone.org/products/plone-hotfix/releases/20121106

reference_url

https://plone.org/products/plone/security/advisories/20121106/02

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://plone.org/products/plone/security/advisories/20121106/02

reference_url

http://www.openwall.com/lists/oss-security/2012/11/10/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/11/10/1

reference_url

https://access.redhat.com/security/cve/CVE-2012-5486

reference_id

CVE-2012-5486

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2012-5486

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-5486

reference_id

CVE-2012-5486

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-5486

fixed_packages

url	pkg:pypi/zope2@2.13.19
purl	pkg:pypi/zope2@2.13.19
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.13.19

aliases CVE-2012-5486, GHSA-77hv-8796-8ccp, PYSEC-2014-28, PYSEC-2014-73

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4ym2-39bg-dbga

url VCID-pncb-4m8u-hbaw

vulnerability_id VCID-pncb-4m8u-hbaw

summary AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-5507

reference_id

reference_type

scores

value	0.00276
scoring_system	epss
scoring_elements	0.51249
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-5507

reference_url

https://bugs.launchpad.net/zope2/+bug/1071067

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/zope2/+bug/1071067

reference_url

https://github.com/advisories/GHSA-3qpr-7rmg-73v8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-3qpr-7rmg-73v8

reference_url

https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-49.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-49.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-75.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-75.yaml

reference_url

https://plone.org/products/plone-hotfix/releases/20121106

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://plone.org/products/plone-hotfix/releases/20121106

reference_url

https://plone.org/products/plone/security/advisories/20121106/23

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://plone.org/products/plone/security/advisories/20121106/23

reference_url

http://www.openwall.com/lists/oss-security/2012/11/10/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/11/10/1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-5507

reference_id

CVE-2012-5507

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-5507

fixed_packages

url	pkg:pypi/zope2@2.13.19
purl	pkg:pypi/zope2@2.13.19
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.13.19

aliases CVE-2012-5507, GHSA-3qpr-7rmg-73v8, PYSEC-2014-49, PYSEC-2014-75

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pncb-4m8u-hbaw

url VCID-scgs-bz44-ebfk

vulnerability_id VCID-scgs-bz44-ebfk

summary Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-6661

reference_id

reference_type

scores

value	0.00403
scoring_system	epss
scoring_elements	0.61148
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-6661

reference_url

https://bugs.launchpad.net/zope2/+bug/1071067

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/zope2/+bug/1071067

reference_url

https://github.com/advisories/GHSA-48vv-2pmq-9fvv

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-48vv-2pmq-9fvv

reference_url

https://github.com/plone/Products.CMFPlone

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/plone/Products.CMFPlone

reference_url

https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-51.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-51.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-76.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-76.yaml

reference_url

https://plone.org/products/plone-hotfix/releases/20121124

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://plone.org/products/plone-hotfix/releases/20121124

reference_url

https://plone.org/products/plone/security/advisories/20121106/24

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://plone.org/products/plone/security/advisories/20121106/24

reference_url

http://www.openwall.com/lists/oss-security/2012/11/10/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/11/10/1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-6661

reference_id

CVE-2012-6661

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-6661

fixed_packages

url	pkg:pypi/zope2@2.13.19
purl	pkg:pypi/zope2@2.13.19
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.13.19

aliases CVE-2012-6661, GHSA-48vv-2pmq-9fvv, PYSEC-2014-51, PYSEC-2014-76

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-scgs-bz44-ebfk

url VCID-vc1v-xsbc-kff1

vulnerability_id VCID-vc1v-xsbc-kff1

summary The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 2.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-5489

reference_id

reference_type

scores

value	0.00575
scoring_system	epss
scoring_elements	0.69076
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-5489

reference_url

https://bugs.launchpad.net/zope2/+bug/1079238

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/zope2/+bug/1079238

reference_url

https://github.com/advisories/GHSA-879r-7f3w-8jj3

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-879r-7f3w-8jj3

reference_url

https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-31.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-31.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-74.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-74.yaml

reference_url

https://plone.org/products/plone-hotfix/releases/20121106

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://plone.org/products/plone-hotfix/releases/20121106

reference_url

https://plone.org/products/plone/security/advisories/20121106/05

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://plone.org/products/plone/security/advisories/20121106/05

reference_url

http://www.openwall.com/lists/oss-security/2012/11/10/1

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/11/10/1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-5489

reference_id

CVE-2012-5489

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-5489

fixed_packages

url pkg:pypi/zope2@2.13.11

purl pkg:pypi/zope2@2.13.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4ym2-39bg-dbga

vulnerability	VCID-pncb-4m8u-hbaw

vulnerability	VCID-scgs-bz44-ebfk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.13.11

aliases CVE-2012-5489, GHSA-879r-7f3w-8jj3, PYSEC-2014-31, PYSEC-2014-74

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vc1v-xsbc-kff1

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.13.5

Package Instance