CVE-2009-2701 zodb3

Package

Manager: pip
Name: zodb3
Vulnerable Version: >=3.8 <3.8.3 || >=3.9a0 <3.9.0c2

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N

EPSS: 0.00419 (percentile: 0.61093)

Details

Zope Object Database (ZODB) Arbitrary files reading and deletion

Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.

Metadata

Created: 2022-05-02T03:37:58Z
Modified: 2024-11-19T18:34:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m52m-2qpx-9j4j/GHSA-m52m-2qpx-9j4j.json
CWE IDs: []
Alternative ID: GHSA-m52m-2qpx-9j4j
Finding: F159
Auto approve: 1