Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| zope(PyPI) | 2.2.0 | N/A | N/A |
CVSS Metrics
