GHSA-4x83-5gw5-q346
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4x83-5gw5-q346
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4x83-5gw5-q346/GHSA-4x83-5gw5-q346.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-4x83-5gw5-q346
- Aliases
- Published
- 2022-05-02T03:17:24Z
- Modified
- 2024-11-19T18:50:02.443869Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N CVSS Calculator
- Summary
- Zope Object Database (ZODB) vulnerable to arbitrary Python code execution in ZEO storage servers
- Details
-
Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.
- Database specific
{ "nvd_published_at": "2009-08-07T19:30:00Z", "cwe_ids": [ "CWE-94" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2024-04-29T11:42:27Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2009-0668
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52377
- https://github.com/pypa/advisory-database/tree/main/vulns/zodb3/PYSEC-2009-8.yaml
- https://github.com/zopefoundation/ZODB3
- https://web.archive.org/web/20151023102330/http://secunia.com/advisories/36204
- https://web.archive.org/web/20151023102336/http://secunia.com/advisories/36205
- https://web.archive.org/web/20200229152709/http://www.securityfocus.com/bid/35987
- http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html
- http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2
Affected packages
PyPI / zodb3
Package
- Name
- zodb3
- View open source insights on deps.dev
- Purl
- pkg:pypi/zodb3