GHSA-m52m-2qpx-9j4j
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m52m-2qpx-9j4j
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m52m-2qpx-9j4j/GHSA-m52m-2qpx-9j4j.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-m52m-2qpx-9j4j
- Aliases
-
- CVE-2009-2701
- PYSEC-2009-10
- Published
- 2022-05-02T03:37:58Z
- Modified
- 2024-11-30T05:26:57.828031Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N CVSS Calculator
- Summary
- Zope Object Database (ZODB) Arbitrary files reading and deletion
- Details
-
Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.
- Database specific
{ "nvd_published_at": "2009-09-08T18:30:00Z", "cwe_ids": [], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2024-04-22T18:59:10Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2009-2701
- https://github.com/pypa/advisory-database/tree/main/vulns/zodb3/PYSEC-2009-10.yaml
- https://github.com/zopefoundation/ZODB3
- https://mail.zope.org/pipermail/zope-announce/2009-September/002221.html
- http://pypi.python.org/pypi/ZODB3/3.8.3
- http://pypi.python.org/pypi/ZODB3/3.9.0c2
Affected packages
PyPI / zodb3
Package
- Name
- zodb3
- View open source insights on deps.dev
- Purl
- pkg:pypi/zodb3
PyPI / zodb3
Package
- Name
- zodb3
- View open source insights on deps.dev
- Purl
- pkg:pypi/zodb3