Description
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
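A defensive sketch of the condition described above, added here as an example and not taken from Zope or from this advisory: it audits stored reStructuredText for `raw` directives and renders untrusted input with the docutils `raw_enabled` and `file_insertion_enabled` settings turned off. It assumes a current docutils release; the function names and the sample document are constructed for illustration.

```python
import re

# Real docutils runtime settings; "raw" is the directive the advisory names.
UNTRUSTED_RST_SETTINGS = {
    "raw_enabled": False,             # refuse the "raw" directive entirely
    "file_insertion_enabled": False,  # refuse include and :file:/:url: options
}

_DIRECTIVE = re.compile(r"^\s*\.\.\s+([\w-]+)::")            # e.g. ".. raw:: html"
_OPTION = re.compile(r"^\s+:(file|url):\s*(\S.*)$", re.IGNORECASE)

# Constructed sample document (hypothetical path, not from the advisory).
SAMPLE = """\
Title
=====

.. raw:: html
   :encoding: utf-8
   :file: /path/to/constructed-example.txt

.. raw:: html

   <b>inline</b>

.. note:: not a raw directive
"""


def find_raw_directives(text):
    """Return (line_no, option, target) per raw directive; None if inline only."""
    findings = []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = _DIRECTIVE.match(line)
        if not m or m.group(1).lower() != "raw":
            continue
        hit = (i + 1, None, None)
        for follow in lines[i + 1:]:          # options follow as ":name: value"
            opt = _OPTION.match(follow)
            if opt:
                hit = (i + 1, opt.group(1).lower(), opt.group(2).strip())
                break
            if not follow.lstrip().startswith(":"):
                break                         # blank line or content: options ended
        findings.append(hit)
    return findings


def render_untrusted(text):
    """Render reST to an HTML fragment with raw and file insertion disabled."""
    from docutils.core import publish_parts   # third-party package: docutils
    return publish_parts(text, writer_name="html",
                         settings_overrides=dict(UNTRUSTED_RST_SETTINGS))["body"]
```

With these settings docutils reports the directive as disabled and emits its text escaped, so neither the referenced file nor the inline markup reaches the output.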
Remediation
References