Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00eDgzLTVndzUtcTM0Ns3B2w
Zope Object Database (ZODB) vulnerable to arbitrary Python code execution in ZEO storage servers
Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.
Permalink: https://github.com/advisories/GHSA-4x83-5gw5-q346JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00eDgzLTVndzUtcTM0Ns3B2w
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 20 days ago
Identifiers: GHSA-4x83-5gw5-q346, CVE-2009-0668
References:
- https://nvd.nist.gov/vuln/detail/CVE-2009-0668
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52377
- http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html
- http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2
- https://web.archive.org/web/20151023102330/http://secunia.com/advisories/36204
- https://web.archive.org/web/20151023102336/http://secunia.com/advisories/36205
- https://web.archive.org/web/20200229152709/http://www.securityfocus.com/bid/35987
- https://github.com/advisories/GHSA-4x83-5gw5-q346
Affected Packages
pypi:ZODB3
Dependent packages: 7Dependent repositories: 8
Downloads: 8,948 last month
Affected Version Ranges: < 3.8.2
Fixed in: 3.8.2
All affected versions: 3.1.5, 3.2.10, 3.3.1, 3.4.2, 3.5.0, 3.5.1, 3.6.0, 3.7.0, 3.7.2, 3.8.0, 3.8.1
All unaffected versions: 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.9.0, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 3.10.0, 3.10.1, 3.10.2, 3.10.3, 3.10.4, 3.10.5, 3.10.6, 3.10.7, 3.11.0