CVE-2002-0170

Description

Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.

How to fix CVE-2002-0170

To remediate CVE-2002-0170, upgrade the affected package to a fixed version below.

• PyPI/zope—upgrade to 2.4.4 or later

Is CVE-2002-0170 being exploited?

Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• >= 2.2.0, < 2.4.4

References (8)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2002-0170
• PATCHgithub.com/zopefoundation/Zope
• WEBmarc.info/?l=bugtraq&m=101503023511996&w=2
• WEBlaunchpad.net/zope2/+milestone/2.4.4
• WEBlaunchpad.net/zope2/+milestone/2.5.1