Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tNTJtLTJxcHgtOWo0as3JVw
Zope Object Database (ZODB) Arbitrary files reading and deletion
Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.
Permalink: https://github.com/advisories/GHSA-m52m-2qpx-9j4jJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tNTJtLTJxcHgtOWo0as3JVw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 15 days ago
Identifiers: GHSA-m52m-2qpx-9j4j, CVE-2009-2701
References:
- https://nvd.nist.gov/vuln/detail/CVE-2009-2701
- https://mail.zope.org/pipermail/zope-announce/2009-September/002221.html
- http://pypi.python.org/pypi/ZODB3/3.8.3
- http://pypi.python.org/pypi/ZODB3/3.9.0c2
- http://www.vupen.com/english/advisories/2009/2534
- https://github.com/pypa/advisory-database/tree/main/vulns/zodb3/PYSEC-2009-10.yaml
- https://github.com/advisories/GHSA-m52m-2qpx-9j4j
Affected Packages
pypi:zodb3
Dependent packages: 7Dependent repositories: 8
Downloads: 8,810 last month
Affected Version Ranges: >= 3.9a0, < 3.9.0c2, >= 3.8, < 3.8.3
Fixed in: 3.9.0c2, 3.8.3
All affected versions: 3.1.5, 3.2.10, 3.3.1, 3.4.2, 3.5.0, 3.5.1, 3.6.0, 3.7.0, 3.7.2, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.9.0-a1, 3.9.0-a2, 3.9.0-a3, 3.9.0-a4, 3.9.0-a5, 3.9.0-a6, 3.9.0-a7, 3.9.0-a9, 3.9.0-a10, 3.9.0-a11, 3.9.0-a12, 3.9.0-b1, 3.9.0-b2, 3.9.0-b3, 3.9.0-b4, 3.9.0-b5, 3.9.0-c1
All unaffected versions: 3.9.0, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 3.10.0, 3.10.1, 3.10.2, 3.10.3, 3.10.4, 3.10.5, 3.10.6, 3.10.7, 3.11.0