{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T18:36:40.064","vulnerabilities":[{"cve":{"id":"CVE-2021-32811","sourceIdentifier":"security-advisories@github.com","published":"2021-08-02T22:15:08.333","lastModified":"2024-11-21T06:07:47.860","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope deployment, run Zope 4 below version 4.6.3 or Zope 5 below version 5.3, and have the optional `Products.PythonScripts` add-on package installed. By default, one must have the admin-level Zope \"Manager\" role to add or edit Script (Python) objects through the web. Only sites that allow untrusted users to add/edit these scripts through the web are at risk. Zope releases 4.6.3 and 5.3 are not vulnerable. As a workaround, a site administrator can restrict adding/editing Script (Python) objects through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing these scripts through the web should be restricted to trusted users only. This is the default configuration in Zope."},{"lang":"es","value":"Zope es un servidor de aplicaciones web de código abierto. Zope versiones anteriores a 4.6.3 y 5.3 tienen un problema de seguridad de ejecución de código remota . Para ser afectado, uno debe usar Python 3 para su despliegue de Zope, ejecutar Zope 4 por debajo de la versión 4.6.3 o Zope 5 por debajo de la versión 5.3, y tener el paquete adicional opcional \"Products.PythonScripts\" instalado. Por defecto, hay que tener el rol de \"Manager\" de Zope a nivel de administrador para añadir o editar objetos Script (Python) mediante la web. Sólo los sitios que permiten a usuarios no confiables añadir/editar estos scripts mediante la web están en riesgo. Zope versiones 4.6.3 y 5.3 no son vulnerables. Como solución, el administrador del sitio puede restringir la adición/edición de objetos Script (Python) mediante la web usando los mecanismos estándar de permisos de usuario/rol de Zope. Los usuarios que no son de confianza no se les debería asignar el rol de Administrador de Zope y añadir/editar estos scripts mediante la web debería estar restringido sólo a usuarios de confianza. Esta es la configuración predeterminada en Zope"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-915"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1321"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zope:accesscontrol:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"4.3","matchCriteriaId":"8538D35C-EA69-4A87-8DBB-D6522F8C7422"},{"vulnerable":true,"criteria":"cpe:2.3:a:zope:accesscontrol:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.2","matchCriteriaId":"34F2C931-DCB6-4326-BBDF-2E9B13946D55"},{"vulnerable":true,"criteria":"cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"4.6.3","matchCriteriaId":"30CF6645-50E3-42F0-8E21-8476237210C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.3","matchCriteriaId":"63A55EE7-7617-407F-83AB-219EA3769E61"}]}]}],"references":[{"url":"https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-qcx9-j53g-ccgf","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/zopefoundation/Zope/commit/f72a18dda8e9bf2aedb46168761668464a4be988","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/zopefoundation/Zope/security/advisories/GHSA-g4gq-j4p2-j8fr","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-qcx9-j53g-ccgf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/zopefoundation/Zope/commit/f72a18dda8e9bf2aedb46168761668464a4be988","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/zopefoundation/Zope/security/advisories/GHSA-g4gq-j4p2-j8fr","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}