VulnerableCode Package Details - pkg:pypi/zope2@2.8.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-baeu-9pqd-ybgk Aliases: CVE-2006-4684 GHSA-hm8g-jxjj-gfm3 PYSEC-2006-8	The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.	2.8.9 Affected by 0 other vulnerabilities.
VCID-kmk8-jqhn-tuee Aliases: CVE-2010-1104 GHSA-v7q8-wvvh-c97p	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in Zope allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.	2.8.12 Affected by 0 other vulnerabilities. 2.9.12 Affected by 0 other vulnerabilities. 2.10.11 Affected by 0 other vulnerabilities. 2.11.6 Affected by 0 other vulnerabilities. 2.12.3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-w2pe-bdy4-9ffb Aliases: CVE-2006-3458 GHSA-jcjp-qqpq-pc54 PYSEC-2006-7	Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.	2.8.7 Affected by 0 other vulnerabilities. 2.9.3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-baeu-9pqd-ybgk
Aliases:
CVE-2006-4684
GHSA-hm8g-jxjj-gfm3
PYSEC-2006-8

The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.

2.8.9
Affected by 0 other vulnerabilities.

VCID-kmk8-jqhn-tuee
Aliases:
CVE-2010-1104
GHSA-v7q8-wvvh-c97p

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in Zope allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.

2.8.12
Affected by 0 other vulnerabilities.

2.9.12
Affected by 0 other vulnerabilities.

2.10.11
Affected by 0 other vulnerabilities.

2.11.6
Affected by 0 other vulnerabilities.

2.12.3
Affected by 4 other vulnerabilities.

VCID-w2pe-bdy4-9ffb
Aliases:
CVE-2006-3458
GHSA-jcjp-qqpq-pc54
PYSEC-2006-7

Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.

2.8.7
Affected by 0 other vulnerabilities.

2.9.3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:42:15.308811+00:00	GitLab Importer	Affected by	VCID-w2pe-bdy4-9ffb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Zope2/CVE-2006-3458.yml	38.6.0
2026-06-02T04:42:13.298316+00:00	GitLab Importer	Affected by	VCID-baeu-9pqd-ybgk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Zope2/CVE-2006-4684.yml	38.6.0
2026-06-02T04:38:04.859377+00:00	GitLab Importer	Affected by	VCID-kmk8-jqhn-tuee	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Zope2/CVE-2010-1104.yml	38.6.0