CVSS Score
The vulnerability description ties the issue explicitly to the `p_` class in `OFS/misc_.py` and to how Python modules are used there. The provided commit diff shows that the original code had module imports inside the `p_` class, and that the patch relocates them to global (module) scope. Dynamic imports within class methods could allow attackers to influence module resolution (e.g., via path manipulation or monkey-patching), enabling code execution. The patch's removal of these class-internal imports suggests they were the root cause.
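An added illustration of the Python behaviour this analysis rests on (example code, not Zope's own): an `import` placed inside a class body is bound as a class attribute, so the module object becomes reachable through the class, whereas a module-scope import is not. The `VulnerableP`/`HardenedP` classes and the `audit_classes` check are constructed stand-ins for the before/after layout of `p_`, not copies of it.

```python
"""Class-body imports become class attributes; module-scope imports do not."""
import os
import sys
import types


class VulnerableP:
    """Constructed stand-in for the pre-patch layout: imports inside the
    class body. Python executes the class body as a namespace, so each
    imported module is stored as a class attribute (VulnerableP.os)."""
    import os
    import sys

    def platform(self):
        return self.sys.platform


class HardenedP:
    """Constructed stand-in for the post-patch layout: the same modules are
    imported at module scope and referenced as globals, so the class itself
    carries no module objects in its namespace."""

    def platform(self):
        return sys.platform


def find_module_attributes(cls):
    """Names in the class's own namespace (not inherited) bound to modules.
    A non-empty result is the pattern the patch removed."""
    return sorted(
        name for name, value in vars(cls).items()
        if isinstance(value, types.ModuleType)
    )


def audit_classes(classes):
    """Map class name -> exposed module attribute names, for classes that
    expose at least one module. Run this over your own classes to find
    class-body imports."""
    report = {}
    for cls in classes:
        exposed = find_module_attributes(cls)
        if exposed:
            report[cls.__name__] = exposed
    return report


if __name__ == "__main__":
    print(audit_classes([VulnerableP, HardenedP]))  # {'VulnerableP': ['os', 'sys']}
```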
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| zope2 | pip | >= 2.12.0, < 2.12.20 | 2.12.20 |
| zope2 | pip | >= 2.13.0, < 2.13.10 | 2.13.10 |