Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/zope@4.0b10
Type pypi
Namespace
Name zope
Version 4.0b10
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.8.11
Latest_non_vulnerable_version 5.8.6
Affected_by_vulnerabilities
0
url VCID-1f3t-a46p-13ca
vulnerability_id VCID-1f3t-a46p-13ca
summary Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk from this vulnerability. The problem has been fixed in Zope 5.2 and 4.6. As a workaround, a site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only.
references
0
reference_url https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633
reference_id
reference_type
scores
url https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633
1
reference_url https://github.com/advisories/GHSA-5vq5-pg3r-9ph3
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-5vq5-pg3r-9ph3
2
reference_url https://github.com/advisories/GHSA-962m-m8jw-8wrr
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-962m-m8jw-8wrr
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/zope/PYSEC-2021-104.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/zope/PYSEC-2021-104.yaml
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/zope/PYSEC-2021-88.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/zope/PYSEC-2021-88.yaml
5
reference_url https://github.com/zopefoundation/Zope
reference_id
reference_type
scores
url https://github.com/zopefoundation/Zope
6
reference_url https://github.com/zopefoundation/Zope/commit/1d897910139e2c0b11984fc9b78c1da1365bec21
reference_id
reference_type
scores
url https://github.com/zopefoundation/Zope/commit/1d897910139e2c0b11984fc9b78c1da1365bec21
7
reference_url https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91
reference_id
reference_type
scores
url https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91
8
reference_url https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36
reference_id
reference_type
scores
url https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36
9
reference_url https://github.com/zopefoundation/Zope/security/advisories/GHSA-rpcg-f9q6-2mq6
reference_id
reference_type
scores
url https://github.com/zopefoundation/Zope/security/advisories/GHSA-rpcg-f9q6-2mq6
10
reference_url https://pypi.org/project/Zope
reference_id
reference_type
scores
url https://pypi.org/project/Zope
11
reference_url https://pypi.org/project/Zope/
reference_id
reference_type
scores
url https://pypi.org/project/Zope/
12
reference_url http://www.openwall.com/lists/oss-security/2021/05/21/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2021/05/21/1
13
reference_url http://www.openwall.com/lists/oss-security/2021/05/22/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2021/05/22/1
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32633
reference_id CVE-2021-32633
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-32633
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32674
reference_id CVE-2021-32674
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-32674
16
reference_url https://github.com/advisories/GHSA-5pr9-v234-jw36
reference_id GHSA-5pr9-v234-jw36
reference_type
scores
url https://github.com/advisories/GHSA-5pr9-v234-jw36
17
reference_url https://github.com/advisories/GHSA-rpcg-f9q6-2mq6
reference_id GHSA-rpcg-f9q6-2mq6
reference_type
scores
url https://github.com/advisories/GHSA-rpcg-f9q6-2mq6
fixed_packages
0
url pkg:pypi/zope@4.6
purl pkg:pypi/zope@4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1f3t-a46p-13ca
1
vulnerability VCID-1psc-rasd-h7hr
2
vulnerability VCID-f1nm-2rc7-eqee
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.6
1
url pkg:pypi/zope@4.6.1
purl pkg:pypi/zope@4.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1psc-rasd-h7hr
1
vulnerability VCID-f1nm-2rc7-eqee
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.6.1
2
url pkg:pypi/zope@5.2
purl pkg:pypi/zope@5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1f3t-a46p-13ca
1
vulnerability VCID-1psc-rasd-h7hr
2
vulnerability VCID-f1nm-2rc7-eqee
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zope@5.2
3
url pkg:pypi/zope@5.2.1
purl pkg:pypi/zope@5.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1psc-rasd-h7hr
1
vulnerability VCID-f1nm-2rc7-eqee
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zope@5.2.1
aliases CVE-2021-32633, CVE-2021-32674, GHSA-5pr9-v234-jw36, GHSA-5vq5-pg3r-9ph3, GHSA-962m-m8jw-8wrr, GHSA-rpcg-f9q6-2mq6, PYSEC-2021-104, PYSEC-2021-88
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1f3t-a46p-13ca
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zope@4.0b10