Description: PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements.

Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| zope3 | source | (unstable) | (not affected) | | | |


This only affects installations in which users have unrestricted access to the management
interface. On Debian, one admin user is added for this at installation time, and
non-trustworthy users shouldn't have access to the interface.
- zope3 <not-affected> (Vulnerable code not present)
