Description
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
Remediation
References
Related Vulnerabilities
Oracle HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-4034)
Oracle JRE Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2024-21147)
Oracle Application Server Other Vulnerability (CVE-2002-1632)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-3638)