CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-41050

AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible (recursively) via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown `getattr` and `getitem`, not the policy restricted `AccessControl` variants `_getattr_` and `_getitem_`. This can lead to critical information disclosure. `AccessControl` already provides a safe variant for `str.format` and denies access to `string.Formatter`. However, `str.format_map` is still unsafe. Affected are all users who allow untrusted users to create `AccessControl` controlled Python code and execute it. A fix has been introduced in versions 4.4, 5.8 and 6.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.5%

CVSS Severity

CVSS v3 Score 6.8

References

Products affected by CVE-2023-41050

Zope » Accesscontrol » Version: 2.13.0

cpe:2.3:a:zope:accesscontrol:2.13.0
Zope » Accesscontrol » Version: 2.13.1

cpe:2.3:a:zope:accesscontrol:2.13.1
Zope » Accesscontrol » Version: 2.13.10

cpe:2.3:a:zope:accesscontrol:2.13.10
Zope » Accesscontrol » Version: 2.13.11

cpe:2.3:a:zope:accesscontrol:2.13.11
Zope » Accesscontrol » Version: 2.13.12

cpe:2.3:a:zope:accesscontrol:2.13.12
Zope » Accesscontrol » Version: 2.13.13

cpe:2.3:a:zope:accesscontrol:2.13.13
Zope » Accesscontrol » Version: 2.13.14

cpe:2.3:a:zope:accesscontrol:2.13.14
Zope » Accesscontrol » Version: 2.13.15

cpe:2.3:a:zope:accesscontrol:2.13.15
Zope » Accesscontrol » Version: 2.13.16

cpe:2.3:a:zope:accesscontrol:2.13.16
Zope » Accesscontrol » Version: 2.13.2

cpe:2.3:a:zope:accesscontrol:2.13.2
Zope » Accesscontrol » Version: 2.13.3

cpe:2.3:a:zope:accesscontrol:2.13.3
Zope » Accesscontrol » Version: 2.13.4

cpe:2.3:a:zope:accesscontrol:2.13.4
Zope » Accesscontrol » Version: 2.13.5

cpe:2.3:a:zope:accesscontrol:2.13.5
Zope » Accesscontrol » Version: 2.13.6

cpe:2.3:a:zope:accesscontrol:2.13.6
Zope » Accesscontrol » Version: 2.13.7

cpe:2.3:a:zope:accesscontrol:2.13.7
Zope » Accesscontrol » Version: 2.13.8

cpe:2.3:a:zope:accesscontrol:2.13.8
Zope » Accesscontrol » Version: 2.13.9

cpe:2.3:a:zope:accesscontrol:2.13.9
Zope » Accesscontrol » Version: 3.0

cpe:2.3:a:zope:accesscontrol:3.0
Zope » Accesscontrol » Version: 3.0.1

cpe:2.3:a:zope:accesscontrol:3.0.1
Zope » Accesscontrol » Version: 3.0.10

cpe:2.3:a:zope:accesscontrol:3.0.10
Zope » Accesscontrol » Version: 3.0.11

cpe:2.3:a:zope:accesscontrol:3.0.11
Zope » Accesscontrol » Version: 3.0.12

cpe:2.3:a:zope:accesscontrol:3.0.12
Zope » Accesscontrol » Version: 3.0.13

cpe:2.3:a:zope:accesscontrol:3.0.13
Zope » Accesscontrol » Version: 3.0.14

cpe:2.3:a:zope:accesscontrol:3.0.14
Zope » Accesscontrol » Version: 3.0.2

cpe:2.3:a:zope:accesscontrol:3.0.2
Zope » Accesscontrol » Version: 3.0.3

cpe:2.3:a:zope:accesscontrol:3.0.3
Zope » Accesscontrol » Version: 3.0.4

cpe:2.3:a:zope:accesscontrol:3.0.4
Zope » Accesscontrol » Version: 3.0.5

cpe:2.3:a:zope:accesscontrol:3.0.5
Zope » Accesscontrol » Version: 3.0.6

cpe:2.3:a:zope:accesscontrol:3.0.6
Zope » Accesscontrol » Version: 3.0.7

cpe:2.3:a:zope:accesscontrol:3.0.7
Zope » Accesscontrol » Version: 3.0.8

cpe:2.3:a:zope:accesscontrol:3.0.8
Zope » Accesscontrol » Version: 3.0.9

cpe:2.3:a:zope:accesscontrol:3.0.9
Zope » Accesscontrol » Version: 4.0

cpe:2.3:a:zope:accesscontrol:4.0
Zope » Accesscontrol » Version: 4.1

cpe:2.3:a:zope:accesscontrol:4.1
Zope » Accesscontrol » Version: 4.2

cpe:2.3:a:zope:accesscontrol:4.2
Zope » Accesscontrol » Version: 4.3

cpe:2.3:a:zope:accesscontrol:4.3
Zope » Accesscontrol » Version: 5.0

cpe:2.3:a:zope:accesscontrol:5.0
Zope » Accesscontrol » Version: 5.1

cpe:2.3:a:zope:accesscontrol:5.1
Zope » Accesscontrol » Version: 5.2

cpe:2.3:a:zope:accesscontrol:5.2
Zope » Accesscontrol » Version: 5.3

cpe:2.3:a:zope:accesscontrol:5.3
Zope » Accesscontrol » Version: 5.3.1

cpe:2.3:a:zope:accesscontrol:5.3.1
Zope » Accesscontrol » Version: 5.4

cpe:2.3:a:zope:accesscontrol:5.4
Zope » Accesscontrol » Version: 5.5

cpe:2.3:a:zope:accesscontrol:5.5
Zope » Accesscontrol » Version: 5.6

cpe:2.3:a:zope:accesscontrol:5.6
Zope » Accesscontrol » Version: 5.7

cpe:2.3:a:zope:accesscontrol:5.7
Zope » Accesscontrol » Version: 6.0

cpe:2.3:a:zope:accesscontrol:6.0
Zope » Accesscontrol » Version: 6.1

cpe:2.3:a:zope:accesscontrol:6.1
Zope » Zope » Version: 2.10.0

cpe:2.3:a:zope:zope:2.10.0
Zope » Zope » Version: 2.10.1

cpe:2.3:a:zope:zope:2.10.1
Zope » Zope » Version: 2.10.10

cpe:2.3:a:zope:zope:2.10.10
Zope » Zope » Version: 2.10.11

cpe:2.3:a:zope:zope:2.10.11
Zope » Zope » Version: 2.10.12

cpe:2.3:a:zope:zope:2.10.12
Zope » Zope » Version: 2.10.13

cpe:2.3:a:zope:zope:2.10.13
Zope » Zope » Version: 2.10.2

cpe:2.3:a:zope:zope:2.10.2
Zope » Zope » Version: 2.10.3

cpe:2.3:a:zope:zope:2.10.3
Zope » Zope » Version: 2.10.4

cpe:2.3:a:zope:zope:2.10.4
Zope » Zope » Version: 2.10.5

cpe:2.3:a:zope:zope:2.10.5
Zope » Zope » Version: 2.10.6

cpe:2.3:a:zope:zope:2.10.6
Zope » Zope » Version: 2.10.7

cpe:2.3:a:zope:zope:2.10.7
Zope » Zope » Version: 2.10.8

cpe:2.3:a:zope:zope:2.10.8
Zope » Zope » Version: 2.10.9

cpe:2.3:a:zope:zope:2.10.9
Zope » Zope » Version: 2.11.0

cpe:2.3:a:zope:zope:2.11.0
Zope » Zope » Version: 2.11.1

cpe:2.3:a:zope:zope:2.11.1
Zope » Zope » Version: 2.11.2

cpe:2.3:a:zope:zope:2.11.2
Zope » Zope » Version: 2.11.3

cpe:2.3:a:zope:zope:2.11.3
Zope » Zope » Version: 2.11.4

cpe:2.3:a:zope:zope:2.11.4
Zope » Zope » Version: 2.11.6

cpe:2.3:a:zope:zope:2.11.6
Zope » Zope » Version: 2.11.7

cpe:2.3:a:zope:zope:2.11.7
Zope » Zope » Version: 2.11.8

cpe:2.3:a:zope:zope:2.11.8
Zope » Zope » Version: 2.12.0

cpe:2.3:a:zope:zope:2.12.0
Zope » Zope » Version: 2.12.1

cpe:2.3:a:zope:zope:2.12.1
Zope » Zope » Version: 2.12.10

cpe:2.3:a:zope:zope:2.12.10
Zope » Zope » Version: 2.12.11

cpe:2.3:a:zope:zope:2.12.11
Zope » Zope » Version: 2.12.12

cpe:2.3:a:zope:zope:2.12.12
Zope » Zope » Version: 2.12.13

cpe:2.3:a:zope:zope:2.12.13
Zope » Zope » Version: 2.12.14

cpe:2.3:a:zope:zope:2.12.14
Zope » Zope » Version: 2.12.15

cpe:2.3:a:zope:zope:2.12.15
Zope » Zope » Version: 2.12.16

cpe:2.3:a:zope:zope:2.12.16
Zope » Zope » Version: 2.12.17

cpe:2.3:a:zope:zope:2.12.17
Zope » Zope » Version: 2.12.18

cpe:2.3:a:zope:zope:2.12.18
Zope » Zope » Version: 2.12.19

cpe:2.3:a:zope:zope:2.12.19
Zope » Zope » Version: 2.12.2

cpe:2.3:a:zope:zope:2.12.2
Zope » Zope » Version: 2.12.20

cpe:2.3:a:zope:zope:2.12.20
Zope » Zope » Version: 2.12.21

cpe:2.3:a:zope:zope:2.12.21
Zope » Zope » Version: 2.12.22

cpe:2.3:a:zope:zope:2.12.22
Zope » Zope » Version: 2.12.23

cpe:2.3:a:zope:zope:2.12.23
Zope » Zope » Version: 2.12.24

cpe:2.3:a:zope:zope:2.12.24
Zope » Zope » Version: 2.12.25

cpe:2.3:a:zope:zope:2.12.25
Zope » Zope » Version: 2.12.26

cpe:2.3:a:zope:zope:2.12.26
Zope » Zope » Version: 2.12.27

cpe:2.3:a:zope:zope:2.12.27
Zope » Zope » Version: 2.12.28

cpe:2.3:a:zope:zope:2.12.28
Zope » Zope » Version: 2.12.3

cpe:2.3:a:zope:zope:2.12.3
Zope » Zope » Version: 2.12.4

cpe:2.3:a:zope:zope:2.12.4
Zope » Zope » Version: 2.12.5

cpe:2.3:a:zope:zope:2.12.5
Zope » Zope » Version: 2.12.6

cpe:2.3:a:zope:zope:2.12.6
Zope » Zope » Version: 2.12.7

cpe:2.3:a:zope:zope:2.12.7
Zope » Zope » Version: 2.12.8

cpe:2.3:a:zope:zope:2.12.8
Zope » Zope » Version: 2.12.9

cpe:2.3:a:zope:zope:2.12.9
Zope » Zope » Version: 2.13.0

cpe:2.3:a:zope:zope:2.13.0
Zope » Zope » Version: 2.13.1

cpe:2.3:a:zope:zope:2.13.1
Zope » Zope » Version: 2.13.10

cpe:2.3:a:zope:zope:2.13.10
Zope » Zope » Version: 2.13.11

cpe:2.3:a:zope:zope:2.13.11
Zope » Zope » Version: 2.13.12

cpe:2.3:a:zope:zope:2.13.12
Zope » Zope » Version: 2.13.13

cpe:2.3:a:zope:zope:2.13.13
Zope » Zope » Version: 2.13.14

cpe:2.3:a:zope:zope:2.13.14
Zope » Zope » Version: 2.13.15

cpe:2.3:a:zope:zope:2.13.15
Zope » Zope » Version: 2.13.16

cpe:2.3:a:zope:zope:2.13.16
Zope » Zope » Version: 2.13.17

cpe:2.3:a:zope:zope:2.13.17
Zope » Zope » Version: 2.13.18

cpe:2.3:a:zope:zope:2.13.18
Zope » Zope » Version: 2.13.19

cpe:2.3:a:zope:zope:2.13.19
Zope » Zope » Version: 2.13.2

cpe:2.3:a:zope:zope:2.13.2
Zope » Zope » Version: 2.13.20

cpe:2.3:a:zope:zope:2.13.20
Zope » Zope » Version: 2.13.21

cpe:2.3:a:zope:zope:2.13.21
Zope » Zope » Version: 2.13.22

cpe:2.3:a:zope:zope:2.13.22
Zope » Zope » Version: 2.13.23

cpe:2.3:a:zope:zope:2.13.23
Zope » Zope » Version: 2.13.24

cpe:2.3:a:zope:zope:2.13.24
Zope » Zope » Version: 2.13.25

cpe:2.3:a:zope:zope:2.13.25
Zope » Zope » Version: 2.13.26

cpe:2.3:a:zope:zope:2.13.26
Zope » Zope » Version: 2.13.27

cpe:2.3:a:zope:zope:2.13.27
Zope » Zope » Version: 2.13.28

cpe:2.3:a:zope:zope:2.13.28
Zope » Zope » Version: 2.13.29

cpe:2.3:a:zope:zope:2.13.29
Zope » Zope » Version: 2.13.3

cpe:2.3:a:zope:zope:2.13.3
Zope » Zope » Version: 2.13.30

cpe:2.3:a:zope:zope:2.13.30
Zope » Zope » Version: 2.13.4

cpe:2.3:a:zope:zope:2.13.4
Zope » Zope » Version: 2.13.5

cpe:2.3:a:zope:zope:2.13.5
Zope » Zope » Version: 2.13.6

cpe:2.3:a:zope:zope:2.13.6
Zope » Zope » Version: 2.13.7

cpe:2.3:a:zope:zope:2.13.7
Zope » Zope » Version: 2.13.8

cpe:2.3:a:zope:zope:2.13.8
Zope » Zope » Version: 2.13.9

cpe:2.3:a:zope:zope:2.13.9
Zope » Zope » Version: 2.5.1

cpe:2.3:a:zope:zope:2.5.1
Zope » Zope » Version: 2.6.0

cpe:2.3:a:zope:zope:2.6.0
Zope » Zope » Version: 2.6.1

cpe:2.3:a:zope:zope:2.6.1
Zope » Zope » Version: 2.6.4

cpe:2.3:a:zope:zope:2.6.4
Zope » Zope » Version: 2.7.0

cpe:2.3:a:zope:zope:2.7.0
Zope » Zope » Version: 2.7.1

cpe:2.3:a:zope:zope:2.7.1
Zope » Zope » Version: 2.7.2

cpe:2.3:a:zope:zope:2.7.2
Zope » Zope » Version: 2.7.3

cpe:2.3:a:zope:zope:2.7.3
Zope » Zope » Version: 2.7.4

cpe:2.3:a:zope:zope:2.7.4
Zope » Zope » Version: 2.7.5

cpe:2.3:a:zope:zope:2.7.5
Zope » Zope » Version: 2.7.6

cpe:2.3:a:zope:zope:2.7.6
Zope » Zope » Version: 2.7.7

cpe:2.3:a:zope:zope:2.7.7
Zope » Zope » Version: 2.7.8

cpe:2.3:a:zope:zope:2.7.8
Zope » Zope » Version: 2.8.0

cpe:2.3:a:zope:zope:2.8.0
Zope » Zope » Version: 2.8.1

cpe:2.3:a:zope:zope:2.8.1
Zope » Zope » Version: 2.8.10

cpe:2.3:a:zope:zope:2.8.10
Zope » Zope » Version: 2.8.11

cpe:2.3:a:zope:zope:2.8.11
Zope » Zope » Version: 2.8.12

cpe:2.3:a:zope:zope:2.8.12
Zope » Zope » Version: 2.8.2

cpe:2.3:a:zope:zope:2.8.2
Zope » Zope » Version: 2.8.3

cpe:2.3:a:zope:zope:2.8.3
Zope » Zope » Version: 2.8.4

cpe:2.3:a:zope:zope:2.8.4
Zope » Zope » Version: 2.8.5

cpe:2.3:a:zope:zope:2.8.5
Zope » Zope » Version: 2.8.6

cpe:2.3:a:zope:zope:2.8.6
Zope » Zope » Version: 2.8.7

cpe:2.3:a:zope:zope:2.8.7
Zope » Zope » Version: 2.8.8

cpe:2.3:a:zope:zope:2.8.8
Zope » Zope » Version: 2.8.9

cpe:2.3:a:zope:zope:2.8.9
Zope » Zope » Version: 2.8.9.1

cpe:2.3:a:zope:zope:2.8.9.1
Zope » Zope » Version: 2.9.0

cpe:2.3:a:zope:zope:2.9.0
Zope » Zope » Version: 2.9.1

cpe:2.3:a:zope:zope:2.9.1
Zope » Zope » Version: 2.9.10

cpe:2.3:a:zope:zope:2.9.10
Zope » Zope » Version: 2.9.11

cpe:2.3:a:zope:zope:2.9.11
Zope » Zope » Version: 2.9.12

cpe:2.3:a:zope:zope:2.9.12
Zope » Zope » Version: 2.9.2

cpe:2.3:a:zope:zope:2.9.2
Zope » Zope » Version: 2.9.3

cpe:2.3:a:zope:zope:2.9.3
Zope » Zope » Version: 2.9.4

cpe:2.3:a:zope:zope:2.9.4
Zope » Zope » Version: 2.9.5

cpe:2.3:a:zope:zope:2.9.5
Zope » Zope » Version: 2.9.6

cpe:2.3:a:zope:zope:2.9.6
Zope » Zope » Version: 2.9.7

cpe:2.3:a:zope:zope:2.9.7
Zope » Zope » Version: 2.9.8

cpe:2.3:a:zope:zope:2.9.8
Zope » Zope » Version: 2.9.9

cpe:2.3:a:zope:zope:2.9.9
Zope » Zope » Version: 3.1.1

cpe:2.3:a:zope:zope:3.1.1
Zope » Zope » Version: 3.4.0

cpe:2.3:a:zope:zope:3.4.0
Zope » Zope » Version: 4.0

cpe:2.3:a:zope:zope:4.0
Zope » Zope » Version: 4.1

cpe:2.3:a:zope:zope:4.1
Zope » Zope » Version: 4.1.1

cpe:2.3:a:zope:zope:4.1.1
Zope » Zope » Version: 4.1.2

cpe:2.3:a:zope:zope:4.1.2
Zope » Zope » Version: 4.1.3

cpe:2.3:a:zope:zope:4.1.3
Zope » Zope » Version: 4.2

cpe:2.3:a:zope:zope:4.2
Zope » Zope » Version: 4.2.1

cpe:2.3:a:zope:zope:4.2.1
Zope » Zope » Version: 4.3

cpe:2.3:a:zope:zope:4.3
Zope » Zope » Version: 4.4

cpe:2.3:a:zope:zope:4.4
Zope » Zope » Version: 4.4.1

cpe:2.3:a:zope:zope:4.4.1
Zope » Zope » Version: 4.4.2

cpe:2.3:a:zope:zope:4.4.2
Zope » Zope » Version: 4.4.3

cpe:2.3:a:zope:zope:4.4.3
Zope » Zope » Version: 4.4.4

cpe:2.3:a:zope:zope:4.4.4
Zope » Zope » Version: 4.5

cpe:2.3:a:zope:zope:4.5
Zope » Zope » Version: 4.5.1

cpe:2.3:a:zope:zope:4.5.1
Zope » Zope » Version: 4.5.2

cpe:2.3:a:zope:zope:4.5.2
Zope » Zope » Version: 4.5.3

cpe:2.3:a:zope:zope:4.5.3
Zope » Zope » Version: 4.5.4

cpe:2.3:a:zope:zope:4.5.4
Zope » Zope » Version: 4.5.5

cpe:2.3:a:zope:zope:4.5.5
Zope » Zope » Version: 4.6

cpe:2.3:a:zope:zope:4.6
Zope » Zope » Version: 4.6.1

cpe:2.3:a:zope:zope:4.6.1
Zope » Zope » Version: 4.6.3

cpe:2.3:a:zope:zope:4.6.3
Zope » Zope » Version: 5.0

cpe:2.3:a:zope:zope:5.0
Zope » Zope » Version: 5.1

cpe:2.3:a:zope:zope:5.1
Zope » Zope » Version: 5.1.1

cpe:2.3:a:zope:zope:5.1.1
Zope » Zope » Version: 5.1.2

cpe:2.3:a:zope:zope:5.1.2
Zope » Zope » Version: 5.2

cpe:2.3:a:zope:zope:5.2
Zope » Zope » Version: 5.2.1

cpe:2.3:a:zope:zope:5.2.1
Zope » Zope » Version: 5.3

cpe:2.3:a:zope:zope:5.3
Zope » Zope » Version: 5.4

cpe:2.3:a:zope:zope:5.4
Zope » Zope » Version: 5.5

cpe:2.3:a:zope:zope:5.5
Zope » Zope » Version: 5.5.1

cpe:2.3:a:zope:zope:5.5.1
Zope » Zope » Version: 5.5.2

cpe:2.3:a:zope:zope:5.5.2
Zope » Zope » Version: 5.6

cpe:2.3:a:zope:zope:5.6
Zope » Zope » Version: 5.7

cpe:2.3:a:zope:zope:5.7
Zope » Zope » Version: 5.7.1

cpe:2.3:a:zope:zope:5.7.1
Zope » Zope » Version: 5.7.2

cpe:2.3:a:zope:zope:5.7.2
Zope » Zope » Version: 5.7.3

cpe:2.3:a:zope:zope:5.7.3
Zope » Zope » Version: 5.8

cpe:2.3:a:zope:zope:5.8
Zope » Zope » Version: 5.8.1

cpe:2.3:a:zope:zope:5.8.1
Zope » Zope » Version: 5.8.2

cpe:2.3:a:zope:zope:5.8.2
Zope » Zope » Version: 5.8.3

cpe:2.3:a:zope:zope:5.8.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-41050

Products

Pricing

Contact Us