Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| zope(PyPI) | 2.2.0 | 2.4.4 | N/A |
| zope(PyPI) | 2.5.0 | 2.5.1 | N/A |
CVSS Metrics
