Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/35799?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35799?format=api", "vulnerability_id": "VCID-1f3t-a46p-13ca", "summary": "Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk from this vulnerability. The problem has been fixed in Zope 5.2 and 4.6. As a workaround, a site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only.", "aliases": [ { "alias": "CVE-2021-32633" }, { "alias": "CVE-2021-32674" }, { "alias": "GHSA-5pr9-v234-jw36" }, { "alias": "GHSA-5vq5-pg3r-9ph3" }, { "alias": "GHSA-962m-m8jw-8wrr" }, { "alias": "GHSA-rpcg-f9q6-2mq6" }, { "alias": "PYSEC-2021-104" }, { "alias": "PYSEC-2021-88" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22024?format=api", "purl": "pkg:pypi/zope@4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/22505?format=api", "purl": "pkg:pypi/zope@4.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/22025?format=api", "purl": "pkg:pypi/zope@5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@5.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/22504?format=api", "purl": "pkg:pypi/zope@5.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@5.2.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21991?format=api", "purl": "pkg:pypi/zope@4.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/21992?format=api", "purl": "pkg:pypi/zope@4.0b2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.0b2" }, { "url": "http://public2.vulnerablecode.io/api/packages/21993?format=api", "purl": "pkg:pypi/zope@4.0b3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.0b3" }, { "url": "http://public2.vulnerablecode.io/api/packages/21994?format=api", "purl": "pkg:pypi/zope@4.0b4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.0b4" }, { "url": "http://public2.vulnerablecode.io/api/packages/21995?format=api", "purl": "pkg:pypi/zope@4.0b5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.0b5" }, { "url": "http://public2.vulnerablecode.io/api/packages/21996?format=api", "purl": "pkg:pypi/zope@4.0b6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.0b6" }, { "url": "http://public2.vulnerablecode.io/api/packages/21997?format=api", "purl": "pkg:pypi/zope@4.0b7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.0b7" }, { "url": "http://public2.vulnerablecode.io/api/packages/21998?format=api", "purl": "pkg:pypi/zope@4.0b8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.0b8" }, { "url": "http://public2.vulnerablecode.io/api/packages/21999?format=api", "purl": "pkg:pypi/zope@4.0b9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.0b9" }, { "url": "http://public2.vulnerablecode.io/api/packages/22000?format=api", "purl": "pkg:pypi/zope@4.0b10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.0b10" }, { "url": "http://public2.vulnerablecode.io/api/packages/22001?format=api", "purl": "pkg:pypi/zope@4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/22002?format=api", "purl": "pkg:pypi/zope@4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/22003?format=api", "purl": "pkg:pypi/zope@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/22004?format=api", "purl": "pkg:pypi/zope@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/22005?format=api", "purl": "pkg:pypi/zope@4.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/22006?format=api", "purl": "pkg:pypi/zope@4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/22007?format=api", "purl": "pkg:pypi/zope@4.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/22008?format=api", "purl": "pkg:pypi/zope@4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/22009?format=api", "purl": "pkg:pypi/zope@4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/22010?format=api", "purl": "pkg:pypi/zope@4.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/22011?format=api", "purl": "pkg:pypi/zope@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/22012?format=api", "purl": "pkg:pypi/zope@4.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/22013?format=api", "purl": "pkg:pypi/zope@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/22014?format=api", "purl": "pkg:pypi/zope@4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/22015?format=api", "purl": "pkg:pypi/zope@4.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/22016?format=api", "purl": "pkg:pypi/zope@4.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.5.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/22017?format=api", "purl": "pkg:pypi/zope@4.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/22018?format=api", "purl": "pkg:pypi/zope@4.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.5.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/22019?format=api", "purl": "pkg:pypi/zope@4.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.5.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/22024?format=api", "purl": "pkg:pypi/zope@4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/22020?format=api", "purl": "pkg:pypi/zope@5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/22021?format=api", "purl": "pkg:pypi/zope@5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/22022?format=api", "purl": "pkg:pypi/zope@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@5.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/22023?format=api", "purl": "pkg:pypi/zope@5.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@5.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/22025?format=api", "purl": "pkg:pypi/zope@5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1f3t-a46p-13ca" }, { "vulnerability": "VCID-1psc-rasd-h7hr" }, { "vulnerability": "VCID-f1nm-2rc7-eqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/zope@5.2" } ], "references": [ { "reference_url": "https://github.com/advisories/GHSA-5vq5-pg3r-9ph3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5vq5-pg3r-9ph3" }, { "reference_url": "https://github.com/advisories/GHSA-962m-m8jw-8wrr", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-962m-m8jw-8wrr" }, { "reference_url": "https://github.com/zopefoundation/Zope/commit/1d897910139e2c0b11984fc9b78c1da1365bec21", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/zopefoundation/Zope/commit/1d897910139e2c0b11984fc9b78c1da1365bec21" }, { "reference_url": "https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91" }, { "reference_url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36" }, { "reference_url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-rpcg-f9q6-2mq6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-rpcg-f9q6-2mq6" }, { "reference_url": "https://pypi.org/project/Zope/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://pypi.org/project/Zope/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2021/05/21/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/22/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" } ], "weaknesses": [], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1f3t-a46p-13ca" }