Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the raw command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Zope | Zope | 2.7.0 (including) | 2.7.0 (including) |
| Zope | Zope | 2.7.1 (including) | 2.7.1 (including) |
| Zope | Zope | 2.7.2 (including) | 2.7.2 (including) |
| Zope | Zope | 2.7.3 (including) | 2.7.3 (including) |
| Zope | Zope | 2.7.4 (including) | 2.7.4 (including) |
| Zope | Zope | 2.7.5 (including) | 2.7.5 (including) |
| Zope | Zope | 2.7.6 (including) | 2.7.6 (including) |
| Zope | Zope | 2.7.7 (including) | 2.7.7 (including) |
| Zope | Zope | 2.7.8 (including) | 2.7.8 (including) |
| Zope | Zope | 2.8.0 (including) | 2.8.0 (including) |
| Zope | Zope | 2.8.1 (including) | 2.8.1 (including) |
| Zope | Zope | 2.8.2 (including) | 2.8.2 (including) |
| Zope | Zope | 2.8.3 (including) | 2.8.3 (including) |
| Zope | Zope | 2.8.4 (including) | 2.8.4 (including) |
| Zope | Zope | 2.8.5 (including) | 2.8.5 (including) |
| Zope | Zope | 2.8.6 (including) | 2.8.6 (including) |
| Zope | Zope | 2.8.7 (including) | 2.8.7 (including) |
| Zope | Zope | 2.9.0 (including) | 2.9.0 (including) |
| Zope | Zope | 2.9.1 (including) | 2.9.1 (including) |
| Zope | Zope | 2.9.2 (including) | 2.9.2 (including) |
| Zope | Zope | 2.9.3 (including) | 2.9.3 (including) |
| Zope2.10 | Ubuntu | devel | * |
| Zope2.9 | Ubuntu | dapper | * |
| Zope2.9 | Ubuntu | devel | * |
| Zope2.9 | Ubuntu | edgy | * |
| Zope2.9 | Ubuntu | feisty | * |