GCVE - cpe:2.3:a:zope:zope:2.4.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:zope:zope:2.4.0:*:*:*:*:*:*:*

part: a version: 2.4.0 update: *

Vendor	Zope (`400d8950-2847-5748-8fcd-7612c2170a9a`)
Product	Zope (`0a3941f2-1c45-5687-af62-1666d59c833f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/zopefoundation/zope`	purl2cpe	2026-06-01 10:18:07.158599
`pkg:pypi/zope`	purl2cpe	2026-06-01 10:18:07.158601
`pkg:sourceforge/zope`	purl2cpe	2026-06-01 10:18:07.158602

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2008-5102`	vulnerable	2026-06-08 04:50:49.559300	Details available PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements. Published: 2008-11-17T18:00:00.000Z Updated: 2024-08-07T10:40:17.174Z Open on db.gcve.eu Reference links http://mail.zope.org/pipermail/zope/2008-August/174025.html http://bugs.gentoo.org/show_bug.cgi?id=246411 https://bugs.launchpad.net/zope2/+bug/257269 http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt http://www.zope.org/Products/Zope/Hotfix-2008-08-12/Hotfix_20080812-1.1.0.tar.gz	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-0688`	vulnerable	2026-06-08 04:46:22.015663	Details available ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes. Published: 2003-04-02T05:00:00.000Z Updated: 2024-08-08T02:56:38.693Z Open on db.gcve.eu Reference links http://www.debian.org/security/2004/dsa-490 http://www.iss.net/security_center/static/9610.php http://www.redhat.com/support/errata/RHSA-2002-060.html http://www.securityfocus.com/bid/5812 http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-0170`	vulnerable	2026-06-08 04:46:20.829428	Details available Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration. Published: 2003-04-02T05:00:00.000Z Updated: 2024-08-08T02:42:28.134Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=101503023511996&w=2 http://www.zope.org/Products/Zope/hotfixes/ http://www.securityfocus.com/bid/4229 http://www.redhat.com/support/errata/RHSA-2002-060.html http://www.iss.net/security_center/static/8334.php	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.