Description
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Media Library Assistant Information Disclosure (3.00)
WordPress 5.0.x Directory Traversal (5.0 - 5.0.21)
Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2009-1890)
Atlassian Jira Missing Authentication for Critical Function Vulnerability (CVE-2019-8449)
Apache Traffic Server CVE-2023-41752 Vulnerability (CVE-2023-41752)