Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200510-20] Zope: File inclusion through RestructuredText Vulnerability Scan
Vulnerability Scan Summary
Zope: File inclusion through RestructuredText
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200510-20
(Zope: File inclusion through RestructuredText)
Zope honors file inclusion directives in RestructuredText objects
A possible hacker could exploit the vulnerability by sending malicious
input that would be interpreted in a RestructuredText Zope object,
potentially resulting in the execution of arbitrary Zope code with the
rights of the Zope server.
There is no known workaround at this time.
All Zope users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose net-zope/zope
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.