{"id":"PYSEC-2006-7","details":"Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the \"raw\" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.","aliases":["CVE-2006-3458","GHSA-jcjp-qqpq-pc54"],"modified":"2026-06-10T17:00:28.526859224Z","published":"2006-07-07T23:05:00Z","withdrawn":"2024-11-22T04:37:05Z","references":[{"type":"WEB","url":"http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt"},{"type":"ADVISORY","url":"http://secunia.com/advisories/20988"},{"type":"WEB","url":"http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/18856"},{"type":"ADVISORY","url":"http://secunia.com/advisories/21025"},{"type":"ADVISORY","url":"http://www.debian.org/security/2006/dsa-1113"},{"type":"ADVISORY","url":"http://secunia.com/advisories/21130"},{"type":"ADVISORY","url":"http://www.novell.com/linux/security/advisories/2006_19_sr.html"},{"type":"ADVISORY","url":"http://secunia.com/advisories/21459"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/2681"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27636"},{"type":"WEB","url":"https://usn.ubuntu.com/317-1/"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-jcjp-qqpq-pc54"}],"affected":[{"package":{"name":"zope2","ecosystem":"PyPI","purl":"pkg:pypi/zope2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.12.0","2.12.0.a1","2.12.0a2","2.12.0a3","2.12.0a4","2.12.0b1","2.12.0b2","2.12.0b3","2.12.0b4","2.12.0c1","2.12.1","2.12.10","2.12.11","2.12.12","2.12.13","2.12.14","2.12.15","2.12.16","2.12.17","2.12.18","2.12.19","2.12.2","2.12.20","2.12.21","2.12.22","2.12.23","2.12.24","2.12.25","2.12.26","2.12.27","2.12.28","2.12.3","2.12.4","2.12.5","2.12.6","2.12.7","2.12.8","2.12.9","2.13.0","2.13.0a1","2.13.0a2","2.13.0a3","2.13.0a4","2.13.0b1","2.13.0c1","2.13.1","2.13.10","2.13.11","2.13.12","2.13.13","2.13.14","2.13.15","2.13.16","2.13.17","2.13.18","2.13.19","2.13.2","2.13.20","2.13.21","2.13.22","2.13.23","2.13.24","2.13.25","2.13.26","2.13.27","2.13.28","2.13.29","2.13.3","2.13.30","2.13.4","2.13.5","2.13.6","2.13.7","2.13.8","2.13.9","4.0","4.0a1","4.0a2","4.0a3","4.0a4","4.0a5","4.0a6","4.0b1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/zope2/PYSEC-2006-7.yaml"}}],"schema_version":"1.7.5"}