CVE-2009-0668 — Code Injection in Zodb

CWE-94 — Code Injection7 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.6%

top 29.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zope Zodb

Timeline

PublishedAug 7

Latest updateMay 2

Description

Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages2 packages

▶Debianzope/zodb< 1:3.8.2-1

▶NVDzope/zodb3.8.1+16

🔴Vulnerability Details

OSV

Zope Object Database (ZODB) vulnerable to arbitrary Python code execution in ZEO storage servers↗2022-05-02

▶

GHSA

Zope Object Database (ZODB) vulnerable to arbitrary Python code execution in ZEO storage servers↗2022-05-02

▶

OSV

CVE-2009-0668: Unspecified vulnerability in Zope Object Database (ZODB) before 3↗2009-08-07

▶

📋Vendor Advisories

Ubuntu

Zope vulnerabilities↗2009-10-14

▶

Red Hat

zope: ZEO arbitrary Python code execution in the context of server process↗2009-08-06

▶

💬Community

Bugzilla

CVE-2009-0668 zope: ZEO arbitrary Python code execution in the context of server process↗2009-07-23

▶