CVE-2009-2701
CRITICAL 9.8 | EPSS 0.42%
Zope Object Database (ZODB) Arbitrary files reading and deletion
Published: 2022/5/2 | Modified: 2024/11/30
Description
Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.
Affected packages (2)
- PyPI/zodb3 >= 3.8, < 3.8.3
- PyPI/zodb3 >= 3.8, < 3.8.3, >= 3.9a0, < 3.9.0c2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N |
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (7)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2009-2701
- ADVISORY: http://www.vupen.com/english/advisories/2009/2534
- PATCH: https://github.com/zopefoundation/ZODB3
- WEB: http://pypi.python.org/pypi/ZODB3/3.8.3
- WEB: http://pypi.python.org/pypi/ZODB3/3.9.0c2
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/zodb3/PYSEC-2009-10.yaml
- WEB: https://mail.zope.org/pipermail/zope-announce/2009-September/002221.html