CVE-2024-51734: Access control vulnerable to user data deletion by anonynmous users

November 4, 2024 (updated November 5, 2024)

Anonymous users can delete the user data maintained by an AccessControl.userfolder.UserFolder which may prevent any privileged access.

References

github.com/advisories/GHSA-g5vw-3h65-2q3v
github.com/zopefoundation/AccessControl
github.com/zopefoundation/AccessControl/issues/159
github.com/zopefoundation/AccessControl/security/advisories/GHSA-g5vw-3h65-2q3v
nvd.nist.gov/vuln/detail/CVE-2024-51734

Code Behaviors & Features

Detect and mitigate CVE-2024-51734 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →