We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an `AccessControl.userfolder.UserFolder` which may prevent any privileged access. This problem has been fixed in version 7.2. Users are advised to upgrade. Users unable to upgrade may address the issue by adding `data__roles__ = ()` to `AccessControl.userfolder.UserFolder`.
Reserved 2024-10-31 | Published 2024-11-04 | Updated 2024-11-21 | Assigner GitHub_MCWE-284: Improper Access Control
github.com/...ontrol/security/advisories/GHSA-g5vw-3h65-2q3v
github.com/zopefoundation/AccessControl/issues/159
Support options