PYSEC-2009-9

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/zodb3/PYSEC-2009-9.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2009-9

Aliases

CVE-2009-0669
GHSA-5432-c996-hvhj

Published

2009-08-07T19:30:00Z

Modified

2024-04-01T20:12:02.334920Z

Summary

[none]

Details

Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.

References

http://secunia.com/advisories/36205
http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html
http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2
http://secunia.com/advisories/36204
http://osvdb.org/56826
http://www.securityfocus.com/bid/35987
http://www.vupen.com/english/advisories/2009/2217
https://exchange.xforce.ibmcloud.com/vulnerabilities/52379

Affected packages

PyPI / zodb3

Package

Name: zodb3; View open source insights on deps.dev
Purl: pkg:pypi/zodb3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.8.2

Affected versions

3.*

3.1.5

3.2.10

3.3.1

3.4.2

3.5.0

3.5.1

3.6.0

3.7.0

3.7.2

3.8.0a1

3.8.0b1

3.8.0b2

3.8.0b3

3.8.0b4

3.8.0c1

3.8.0

3.8.1b1

3.8.1b2

3.8.1b3

3.8.1b4

3.8.1b5

3.8.1b6

3.8.1b7

3.8.1b8

3.8.1b9

3.8.1