Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1tNTJtLTJxcHgtOWo0as3JVw

Zope Object Database (ZODB) Arbitrary files reading and deletion

Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.

Permalink: https://github.com/advisories/GHSA-m52m-2qpx-9j4j
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tNTJtLTJxcHgtOWo0as3JVw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: about 1 month ago


Identifiers: GHSA-m52m-2qpx-9j4j, CVE-2009-2701
References: Blast Radius: 0.0

Affected Packages

pypi:zodb3
Dependent packages: 7
Dependent repositories: 8
Downloads: 8,948 last month
Affected Version Ranges: >= 3.9a0, < 3.9.0c2, >= 3.8, < 3.8.3
Fixed in: 3.9.0c2, 3.8.3
All affected versions: 3.1.5, 3.2.10, 3.3.1, 3.4.2, 3.5.0, 3.5.1, 3.6.0, 3.7.0, 3.7.2, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.9.0-a1, 3.9.0-a2, 3.9.0-a3, 3.9.0-a4, 3.9.0-a5, 3.9.0-a6, 3.9.0-a7, 3.9.0-a9, 3.9.0-a10, 3.9.0-a11, 3.9.0-a12, 3.9.0-b1, 3.9.0-b2, 3.9.0-b3, 3.9.0-b4, 3.9.0-b5, 3.9.0-c1
All unaffected versions: 3.9.0, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 3.10.0, 3.10.1, 3.10.2, 3.10.3, 3.10.4, 3.10.5, 3.10.6, 3.10.7, 3.11.0