CVE-2006-3458
zope2.7 - programming error
EPSS 0.07%
Description
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
How to fix CVE-2006-3458
To remediate CVE-2006-3458, upgrade the affected package to a fixed version below.
- Debian/zope2.7—upgrade to 2.7.5-2sarge2 or later
- PyPI/zope2—upgrade to 2.7.8 or later
- PyPI/zope2—no fix listed
Is CVE-2006-3458 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- Debian/zope2.7: from 0, < 2.7.5-2sarge2
- PyPI/zope2: >= 2.7.0, < 2.7.8
- PyPI/zope2: from 0