Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01NDMyLWM5OTYtaHZoas3B2Q
Zope Object Database (ZODB) Authentication bypass in ZEO storage servers
Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.
Permalink: https://github.com/advisories/GHSA-5432-c996-hvhjJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01NDMyLWM5OTYtaHZoas3B2Q
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: about 2 months ago
Identifiers: GHSA-5432-c996-hvhj, CVE-2009-0669
References:
- https://nvd.nist.gov/vuln/detail/CVE-2009-0669
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52379
- http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html
- http://osvdb.org/56826
- http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2
- http://secunia.com/advisories/36204
- http://secunia.com/advisories/36205
- http://www.securityfocus.com/bid/35987
- http://www.vupen.com/english/advisories/2009/2217
- https://github.com/advisories/GHSA-5432-c996-hvhj
Affected Packages
pypi:ZODB3
Dependent packages: 7Dependent repositories: 8
Downloads: 8,948 last month
Affected Version Ranges: < 3.8.2
Fixed in: 3.8.2
All affected versions: 3.1.5, 3.2.10, 3.3.1, 3.4.2, 3.5.0, 3.5.1, 3.6.0, 3.7.0, 3.7.2, 3.8.0, 3.8.1
All unaffected versions: 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.9.0, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 3.10.0, 3.10.1, 3.10.2, 3.10.3, 3.10.4, 3.10.5, 3.10.6, 3.10.7, 3.11.0