CVE-2009-0668
CRITICAL 9.8 | EPSS 0.64% | zodb - several
Published: 5/2/2022 | Modified: 3/9/2026
Description
Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.
Affected packages (6)
- Debian/zodb from 0, < 1:3.8.2-1
- Debian/zodb from 0, < 1:3.6.0-2+lenny3
- Debian/zope2.10 from 0, < 2.10.6-1+lenny1
- Debian/zope2.9 from 0, < 2.9.6-4etch2
- PyPI/zodb3 from 0, < 3.8.2
- PyPI/zodb3 from 0, < 3.8.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N |
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (14)
- ADVISORY http://secunia.com/advisories/36204
- ADVISORY http://secunia.com/advisories/36205
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2009-0668
- ADVISORY http://www.vupen.com/english/advisories/2009/2217
- PATCH https://github.com/zopefoundation/ZODB3
- WEB http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html
- WEB http://osvdb.org/56827
- WEB http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2
- WEB https://exchange.xforce.ibmcloud.com/vulnerabilities/52377
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/zodb3/PYSEC-2009-8.yaml
- WEB https://web.archive.org/web/20151023102330/http://secunia.com/advisories/36204
- WEB https://web.archive.org/web/20151023102336/http://secunia.com/advisories/36205
- WEB https://web.archive.org/web/20200229152709/http://www.securityfocus.com/bid/35987
- WEB http://www.securityfocus.com/bid/35987