Description
The ZCatalog plug-in index support capability in Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.
Remediation
References
Related Vulnerabilities
Rukovoditel Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11815)
Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2020-10705)
Oracle Database Server CVE-2006-0258 Vulnerability (CVE-2006-0258)