
zopefoundation — Vulnerabilities & Security Advisories (17)

Browse all 17 CVE security advisories affecting zopefoundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The Zope Foundation develops Zope, a Python-based content management framework and application server primarily used for building complex web applications with robust security features. Historically, its vulnerabilities have commonly included cross-site scripting (XSS), remote code execution (RCE), and privilege escalation, often stemming from input validation flaws and insecure default configurations. While Zope's security model emphasizes granular permissions and has generally avoided major high-profile incidents, the 17 recorded CVEs highlight ongoing challenges in maintaining security across its extensive feature set, particularly in third-party extensions and legacy components.

CVE ID | Title | Component | CWE | CVSS | Severity | Published
CVE-2025-22153 | try/except* clauses could allow bypass of RestrictedPython via type confusion bug in the CPython interpreter | RestrictedPython | CWE-843 | 7.9 | High | 2025-01-23
CVE-2024-51734 | User data deletion by anonymous users in Zope | AccessControl | CWE-284 | 6.5 (AI-estimated) | Medium (AI-estimated) | 2024-11-04
CVE-2024-47532 | RestrictedPython information leakage via `AttributeError.obj` and the `string` module | RestrictedPython | CWE-200 | 6.5 | - | 2024-09-30
CVE-2024-24811 | Products.SQLAlchemyDA vulnerable to unauthenticated arbitrary SQL query execution | Products.SQLAlchemyDA | CWE-89 | 9.8 | Critical | 2024-02-07
CVE-2023-44389 | Zope management interface vulnerable to stored cross-site scripting via the title property | Zope | CWE-79 | 3.1 | Low | 2023-10-04
CVE-2023-42458 | Zope vulnerable to stored cross-site scripting with SVG images | Zope | CWE-80 | 3.7 | Low | 2023-09-21
CVE-2023-41050 | Information disclosure through Python's "format" functionality in Zope AccessControl | AccessControl | CWE-200 | 6.8 | Medium | 2023-09-06
CVE-2023-41039 | Sandbox escape via various forms of "format" in RestrictedPython | RestrictedPython | CWE-74 | 8.3 | High | 2023-08-30
CVE-2023-37271 | RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape | RestrictedPython | CWE-913 | 8.4 | High | 2023-07-11
CVE-2023-36814 | zopefoundation's Products.CMFCore vulnerable to unauthenticated denial of service and crash via unchecked use of input with Python's marshal module | Products.CMFCore | CWE-770 | 7.5 | High | 2023-07-03
CVE-2021-32811 | Remote code execution via Script (Python) objects under Python 3 | Zope | CWE-915 | 7.5 | High | 2021-08-02
CVE-2021-32807 | Remote code execution via unsafe classes in otherwise permitted modules | AccessControl | CWE-915 | 4.4 | Medium | 2021-07-30
CVE-2021-32674 | Remote code execution via traversal in TAL expressions | Zope | CWE-22 | 8.8 | High | 2021-06-08
CVE-2021-32633 | Remote code execution via traversal in TAL expressions | Zope | CWE-22 | 6.8 | Medium | 2021-05-21
CVE-2021-21360 | Exposure of sensitive information to an unauthorized actor in Products.GenericSetup | Products.GenericSetup | CWE-200 | 5.3 | Medium | 2021-03-09
CVE-2021-21337 | URL redirection to untrusted site ('Open Redirect') in Products.PluggableAuthService | Products.PluggableAuthService | CWE-601 | 5.7 | Medium | 2021-03-08
CVE-2021-21336 | Exposure of sensitive information to an unauthorized actor in Products.PluggableAuthService ZODBRoleManager | Products.PluggableAuthService | CWE-200 | 6.5 | Medium | 2021-03-08

This page lists every published CVE security advisory associated with zopefoundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.