CVE-2023-44389
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
References
- https://github.com/zopefoundation/Zope/security/advisories/GHSA-m755-gxxg-r5qh
- https://nvd.nist.gov/vuln/detail/CVE-2023-44389
- https://github.com/zopefoundation/Zope/commit/21dfa78609ffd8b6bd8143805678ebbacae5141a
- https://github.com/zopefoundation/Zope/commit/aeaf2cdc80dff60815e3706af448f086ddc3b98d
- https://github.com/pypa/advisory-database/tree/main/vulns/zope/PYSEC-2023-193.yaml
- https://github.com/zopefoundation/Zope
Verify integrity in audit chain (admin only). AS-IS.