Package details: pkg:pypi/zope2@2.13.2
purl pkg:pypi/zope2@2.13.2
Next non-vulnerable version 2.13.19
Latest non-vulnerable version 2.13.19
Risk
Vulnerabilities affecting this package (4)
Vulnerability: VCID-2sk4-yc6h-17c4
Aliases: CVE-2012-5489, GHSA-879r-7f3w-8jj3, PYSEC-2014-31, PYSEC-2014-74
Summary: The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 2.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
Fixed by: 2.13.11 (affected by 3 other vulnerabilities)

Vulnerability: VCID-g2ap-vh6r-yqds
Aliases: CVE-2012-5507, GHSA-3qpr-7rmg-73v8, PYSEC-2014-49, PYSEC-2014-75
Summary: AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.
Fixed by: 2.13.19 (affected by 0 other vulnerabilities)

Vulnerability: VCID-khhr-m295-23gs
Aliases: CVE-2012-6661, GHSA-48vv-2pmq-9fvv, PYSEC-2014-51, PYSEC-2014-76
Summary: Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2).
Fixed by: 2.13.19 (affected by 0 other vulnerabilities)

Vulnerability: VCID-krfw-xa2b-vue5
Aliases: CVE-2012-5486, GHSA-77hv-8796-8ccp, PYSEC-2014-28, PYSEC-2014-73
Summary: ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.
Fixed by: 2.13.19 (affected by 0 other vulnerabilities)

Vulnerabilities fixed by this package (0)
This package is not known to fix vulnerabilities.

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
2026-06-02T04:03:56.404618+00:00 | Pypa Importer | Affected by | VCID-khhr-m295-23gs | https://github.com/pypa/advisory-database/blob/main/vulns/zope2/PYSEC-2014-76.yaml | 38.6.0
2026-06-02T04:03:48.650398+00:00 | Pypa Importer | Affected by | VCID-g2ap-vh6r-yqds | https://github.com/pypa/advisory-database/blob/main/vulns/zope2/PYSEC-2014-75.yaml | 38.6.0
2026-06-02T04:03:47.875571+00:00 | Pypa Importer | Affected by | VCID-krfw-xa2b-vue5 | https://github.com/pypa/advisory-database/blob/main/vulns/zope2/PYSEC-2014-73.yaml | 38.6.0
2026-06-02T04:03:42.680173+00:00 | Pypa Importer | Affected by | VCID-2sk4-yc6h-17c4 | https://github.com/pypa/advisory-database/blob/main/vulns/zope2/PYSEC-2014-74.yaml | 38.6.0