CVE-2006-3458

描述

Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.

受影響套件(2)

• Debian/zope2.7from 0, < 2.7.5-2sarge2
• PyPI/zope2>= 2.7.0, < 2.7.8

參考連結(8)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2006-3458
• PATCHhttps://github.com/zopefoundation/Zope
• WEBhttp://mail.zope.org/pipermail/zope-announce/2006-July/001984.html
• WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/27636
• WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2006-7.yaml
• WEBhttps://usn.ubuntu.com/317-1
• WEBhttp://www.debian.org/security/2006/dsa-1113
• WEBhttp://www.novell.com/linux/security/advisories/2006_19_sr.html