{"url":"http://public2.vulnerablecode.io/api/packages/56151?format=json","purl":"pkg:pypi/zope2@2.8.0","type":"pypi","namespace":"","name":"zope2","version":"2.8.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.8.7","latest_non_vulnerable_version":"2.13.19","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34648?format=json","vulnerability_id":"VCID-baeu-9pqd-ybgk","summary":"The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.","references":[{"reference_url":"http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html","reference_id":"","reference_type":"","scores":[],"url":"http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html"},{"reference_url":"http://secunia.com/advisories/21947","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/21947"},{"reference_url":"http://secunia.com/advisories/21953","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/21953"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2006-8.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2006-8.yaml"},{"reference_url":"https://github.com/zopefoundation/Zope","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/zopefoundation/Zope"},{"reference_url":"http://www.debian.org/security/2006/dsa-1176","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2006/dsa-1176"},{"reference_url":"http://www.securityfocus.com/bid/20022","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/20022"},{"reference_url":"http://www.vupen.com/english/advisories/2006/3653","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2006/3653"},{"reference_url":"http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt","reference_id":"","reference_type":"","scores":[],"url":"http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2006-4684","reference_id":"CVE-2006-4684","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-4684"},{"reference_url":"https://github.com/advisories/GHSA-hm8g-jxjj-gfm3","reference_id":"GHSA-hm8g-jxjj-gfm3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hm8g-jxjj-gfm3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61686?format=json","purl":"pkg:pypi/zope2@2.8.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.8.9"}],"aliases":["CVE-2006-4684","GHSA-hm8g-jxjj-gfm3","PYSEC-2006-8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-baeu-9pqd-ybgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40108?format=json","vulnerability_id":"VCID-kmk8-jqhn-tuee","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in Zope  allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.","references":[{"reference_url":"http://secunia.com/advisories/38007","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/38007"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/55599","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/55599"},{"reference_url":"https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html","reference_id":"","reference_type":"","scores":[],"url":"https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html"},{"reference_url":"http://www.osvdb.org/61655","reference_id":"","reference_type":"","scores":[],"url":"http://www.osvdb.org/61655"},{"reference_url":"http://www.securityfocus.com/bid/37765","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/37765"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0104","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/0104"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-1104","reference_id":"CVE-2010-1104","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-1104"},{"reference_url":"https://github.com/advisories/GHSA-v7q8-wvvh-c97p","reference_id":"GHSA-v7q8-wvvh-c97p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v7q8-wvvh-c97p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56155?format=json","purl":"pkg:pypi/zope2@2.8.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.8.12"},{"url":"http://public2.vulnerablecode.io/api/packages/56156?format=json","purl":"pkg:pypi/zope2@2.9.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.9.12"},{"url":"http://public2.vulnerablecode.io/api/packages/56157?format=json","purl":"pkg:pypi/zope2@2.10.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.10.11"},{"url":"http://public2.vulnerablecode.io/api/packages/56158?format=json","purl":"pkg:pypi/zope2@2.11.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.11.6"},{"url":"http://public2.vulnerablecode.io/api/packages/8490?format=json","purl":"pkg:pypi/zope2@2.12.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sk4-yc6h-17c4"},{"vulnerability":"VCID-g2ap-vh6r-yqds"},{"vulnerability":"VCID-khhr-m295-23gs"},{"vulnerability":"VCID-krfw-xa2b-vue5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.12.3"}],"aliases":["CVE-2010-1104","GHSA-v7q8-wvvh-c97p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kmk8-jqhn-tuee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34646?format=json","vulnerability_id":"VCID-w2pe-bdy4-9ffb","summary":"Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the \"raw\" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.","references":[{"reference_url":"http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html","reference_id":"","reference_type":"","scores":[],"url":"http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html"},{"reference_url":"http://secunia.com/advisories/20988","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/20988"},{"reference_url":"http://secunia.com/advisories/21025","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/21025"},{"reference_url":"http://secunia.com/advisories/21130","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/21130"},{"reference_url":"http://secunia.com/advisories/21459","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/21459"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27636","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27636"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2006-7.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2006-7.yaml"},{"reference_url":"https://github.com/zopefoundation/Zope","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/zopefoundation/Zope"},{"reference_url":"https://usn.ubuntu.com/317-1","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/317-1"},{"reference_url":"https://usn.ubuntu.com/317-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/317-1/"},{"reference_url":"http://www.debian.org/security/2006/dsa-1113","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2006/dsa-1113"},{"reference_url":"http://www.novell.com/linux/security/advisories/2006_19_sr.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.novell.com/linux/security/advisories/2006_19_sr.html"},{"reference_url":"http://www.securityfocus.com/bid/18856","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/18856"},{"reference_url":"http://www.vupen.com/english/advisories/2006/2681","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2006/2681"},{"reference_url":"http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt","reference_id":"","reference_type":"","scores":[],"url":"http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2006-3458","reference_id":"CVE-2006-3458","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-3458"},{"reference_url":"https://github.com/advisories/GHSA-jcjp-qqpq-pc54","reference_id":"GHSA-jcjp-qqpq-pc54","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jcjp-qqpq-pc54"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61732?format=json","purl":"pkg:pypi/zope2@2.8.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.8.7"},{"url":"http://public2.vulnerablecode.io/api/packages/61733?format=json","purl":"pkg:pypi/zope2@2.9.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.9.3"}],"aliases":["CVE-2006-3458","GHSA-jcjp-qqpq-pc54","PYSEC-2006-7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w2pe-bdy4-9ffb"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.8.0"}