CVE-2009-0668 – zodb3

Package

Manager: pip
Name: zodb3
Vulnerable Version: >=0 <3.8.2

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N

EPSS: 0.0064 pctl0.69643

Details

Zope Object Database (ZODB) vulnerable to arbitrary Python code execution in ZEO storage servers Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.

Metadata

Created: 2022-05-02T03:17:24Z
Modified: 2024-11-19T18:32:44Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4x83-5gw5-q346/GHSA-4x83-5gw5-q346.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-4x83-5gw5-q346
Finding: F422
Auto approve: 1