{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7014?format=json","vulnerability_id":"VCID-peee-y3c2-13bu","summary":"Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the \"raw\" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.","aliases":[{"alias":"CVE-2006-3458"},{"alias":"GHSA-jcjp-qqpq-pc54"},{"alias":"PYSEC-2006-7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60669?format=json","purl":"pkg:pypi/zope2@2.7.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.7.8"},{"url":"http://public2.vulnerablecode.io/api/packages/60670?format=json","purl":"pkg:pypi/zope2@2.8.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.8.7"},{"url":"http://public2.vulnerablecode.io/api/packages/60671?format=json","purl":"pkg:pypi/zope2@2.9.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.9.3"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60635?format=json","purl":"pkg:pypi/zope2@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3snn-k8cb-xbfe"},{"vulnerability":"VCID-peee-y3c2-13bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/55138?format=json","purl":"pkg:pypi/zope2@2.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3bcn-9b2a-zqcm"},{"vulnerability":"VCID-3snn-k8cb-xbfe"},{"vulnerability":"VCID-peee-y3c2-13bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/55139?format=json","purl":"pkg:pypi/zope2@2.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3bcn-9b2a-zqcm"},{"vulnerability":"VCID-peee-y3c2-13bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zope2@2.9.0"}],"references":[{"reference_url":"http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-3458","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22122","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-3458"},{"reference_url":"http://secunia.com/advisories/20988","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/20988"},{"reference_url":"http://secunia.com/advisories/21025","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/21025"},{"reference_url":"http://secunia.com/advisories/21130","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/21130"},{"reference_url":"http://secunia.com/advisories/21459","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/21459"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27636","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27636"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2006-7.yaml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2006-7.yaml"},{"reference_url":"https://github.com/zopefoundation/Zope","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/zopefoundation/Zope"},{"reference_url":"https://usn.ubuntu.com/317-1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/317-1"},{"reference_url":"https://usn.ubuntu.com/317-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/317-1/"},{"reference_url":"http://www.debian.org/security/2006/dsa-1113","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2006/dsa-1113"},{"reference_url":"http://www.novell.com/linux/security/advisories/2006_19_sr.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.novell.com/linux/security/advisories/2006_19_sr.html"},{"reference_url":"http://www.securityfocus.com/bid/18856","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/18856"},{"reference_url":"http://www.vupen.com/english/advisories/2006/2681","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2006/2681"},{"reference_url":"http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt","reference_id":"","reference_type":"","scores":[],"url":"http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2006-3458","reference_id":"CVE-2006-3458","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-3458"},{"reference_url":"https://github.com/advisories/GHSA-jcjp-qqpq-pc54","reference_id":"GHSA-jcjp-qqpq-pc54","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jcjp-qqpq-pc54"}],"weaknesses":[{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"0.1 - 3","exploitability":"0.5","weighted_severity":"2.7","risk_score":1.4,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-peee-y3c2-13bu"}