Package details: pkg:pypi/zope2@2.12.4
purl pkg:pypi/zope2@2.12.4
Next non-vulnerable version 2.13.19
Latest non-vulnerable version 2.13.19
Risk 4.0
Vulnerabilities affecting this package (5)
Vulnerability: VCID-2vmc-exnd-qua6
Aliases: CVE-2011-2528, GHSA-p6h9-hpcg-c6gm, PYSEC-2011-25, PYSEC-2011-32
Summary: Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
Fixed by: 2.12.19 (affected by 4 other vulnerabilities); 2.13.8 (affected by 4 other vulnerabilities)

Vulnerability: VCID-4ym2-39bg-dbga
Aliases: CVE-2012-5486, GHSA-77hv-8796-8ccp, PYSEC-2014-28, PYSEC-2014-73
Summary: ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.
Fixed by: 2.13.19 (affected by 0 other vulnerabilities)

Vulnerability: VCID-pncb-4m8u-hbaw
Aliases: CVE-2012-5507, GHSA-3qpr-7rmg-73v8, PYSEC-2014-49, PYSEC-2014-75
Summary: AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.
Fixed by: 2.13.19 (affected by 0 other vulnerabilities)

Vulnerability: VCID-scgs-bz44-ebfk
Aliases: CVE-2012-6661, GHSA-48vv-2pmq-9fvv, PYSEC-2014-51, PYSEC-2014-76
Summary: Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2).
Fixed by: 2.13.19 (affected by 0 other vulnerabilities)

Vulnerability: VCID-vc1v-xsbc-kff1
Aliases: CVE-2012-5489, GHSA-879r-7f3w-8jj3, PYSEC-2014-31, PYSEC-2014-74
Summary: The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 2.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
Fixed by: 2.12.21 (affected by 3 other vulnerabilities); 2.13.11 (affected by 3 other vulnerabilities)

Vulnerabilities fixed by this package (0)
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-31T09:58:20.827960+00:00 GHSA Importer Affected by VCID-vc1v-xsbc-kff1 https://github.com/advisories/GHSA-879r-7f3w-8jj3 38.6.0
2026-05-31T09:58:20.072154+00:00 GHSA Importer Affected by VCID-4ym2-39bg-dbga https://github.com/advisories/GHSA-77hv-8796-8ccp 38.6.0
2026-05-31T09:58:18.663802+00:00 GHSA Importer Affected by VCID-scgs-bz44-ebfk https://github.com/advisories/GHSA-48vv-2pmq-9fvv 38.6.0
2026-05-31T09:58:17.873669+00:00 GHSA Importer Affected by VCID-pncb-4m8u-hbaw https://github.com/advisories/GHSA-3qpr-7rmg-73v8 38.6.0
2026-05-31T09:48:22.716276+00:00 GitLab Importer Affected by VCID-pncb-4m8u-hbaw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Zope2/CVE-2012-5507.yml 38.6.0
2026-05-31T09:48:21.699544+00:00 GitLab Importer Affected by VCID-vc1v-xsbc-kff1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Zope2/CVE-2012-5489.yml 38.6.0
2026-05-31T09:48:20.748410+00:00 GitLab Importer Affected by VCID-4ym2-39bg-dbga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Zope2/CVE-2012-5486.yml 38.6.0
2026-05-31T09:48:20.416719+00:00 GitLab Importer Affected by VCID-scgs-bz44-ebfk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Zope2/CVE-2012-6661.yml 38.6.0
2026-05-31T09:48:17.977907+00:00 GitLab Importer Affected by VCID-2vmc-exnd-qua6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Zope2/CVE-2011-2528.yml 38.6.0
2026-05-31T09:36:36.544638+00:00 PyPI Importer Affected by VCID-scgs-bz44-ebfk https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:34.271568+00:00 PyPI Importer Affected by VCID-vc1v-xsbc-kff1 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:33.715493+00:00 PyPI Importer Affected by VCID-pncb-4m8u-hbaw https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:36:33.265213+00:00 PyPI Importer Affected by VCID-4ym2-39bg-dbga https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-30T20:16:31.312788+00:00 Pypa Importer Affected by VCID-scgs-bz44-ebfk https://github.com/pypa/advisory-database/blob/main/vulns/zope2/PYSEC-2014-76.yaml 38.6.0
2026-05-30T20:16:23.500779+00:00 Pypa Importer Affected by VCID-pncb-4m8u-hbaw https://github.com/pypa/advisory-database/blob/main/vulns/zope2/PYSEC-2014-75.yaml 38.6.0
2026-05-30T20:16:22.728597+00:00 Pypa Importer Affected by VCID-4ym2-39bg-dbga https://github.com/pypa/advisory-database/blob/main/vulns/zope2/PYSEC-2014-73.yaml 38.6.0
2026-05-30T20:16:17.500315+00:00 Pypa Importer Affected by VCID-vc1v-xsbc-kff1 https://github.com/pypa/advisory-database/blob/main/vulns/zope2/PYSEC-2014-74.yaml 38.6.0