Browse all 17 CVE security advisories affecting zopefoundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.
The Zope Foundation develops Zope, a Python-based content management framework and application server primarily used for building complex web applications with robust security features. Historically, its vulnerabilities have commonly included cross-site scripting (XSS), remote code execution (RCE), and privilege escalation, often stemming from input validation flaws and insecure default configurations. While Zope's security model emphasizes granular permissions and has generally avoided major high-profile incidents, the 17 recorded CVEs highlight ongoing challenges in maintaining security across its extensive feature set, particularly in third-party extensions and legacy components.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-22153 | try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter | RestrictedPython | CWE-843 | 7.9 | High | 2025-01-23 |
| CVE-2024-47532 | RestrictedPython information leakage via `AttributeError.obj` and the `string` module | RestrictedPython | CWE-200 | 6.5 | - | 2024-09-30 |
| CVE-2023-41039 | Sandbox escape via various forms of "format" in RestrictedPython | RestrictedPython | CWE-74 | 8.3 | High | 2023-08-30 |
| CVE-2023-37271 | RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape | RestrictedPython | CWE-913 | 8.4 | High | 2023-07-11 |
This page lists every published CVE security advisory associated with zopefoundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.