CVE-2009-0668: Code Injection
First published: Fri Aug 07 2009(Updated: )
Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zope Zodb | <=3.8.1 | |
| Zope Zodb | =3.2 | |
| Zope Zodb | =2.11.4 | |
| Zope Zodb | =2.9.11 | |
| Zope Zodb | =3.8.0 | |
| Zope Zodb | =3.5 | |
| Zope Zodb | =3.4 | |
| Zope Zodb | =3.1.1 | |
| Zope Zodb | =3.3 | |
| Zope Zodb | =3.7 | |
| Zope Zodb | =2.10.9 | |
| Zope Zodb | =3.1 | |
| Zope Zodb | =3.6 | |
| Zope Zodb | =3.2.4 | |
| Zope Zodb | =3.4.1 | |
| Zope Zodb | =3.3.3 | |
| Zope Zodb | =2.8.11 | |
| pip/ZODB3 | <3.8.2 | 3.8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html
- http://secunia.com/advisories/36204
- http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2
- http://secunia.com/advisories/36205
- http://osvdb.org/56827
- http://www.vupen.com/english/advisories/2009/2217
- http://www.securityfocus.com/bid/35987
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52377
- https://nvd.nist.gov/vuln/detail/CVE-2009-0668
- https://web.archive.org/web/20151023102330/http://secunia.com/advisories/36204
- https://web.archive.org/web/20151023102336/http://secunia.com/advisories/36205
- https://web.archive.org/web/20200229152709/http://www.securityfocus.com/bid/35987
- https://github.com/advisories/GHSA-4x83-5gw5-q346 (Advisory)
- collector/nvd-historical
- collector/nvd-index
- agent/first-publish-date
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-4x83-5gw5-q346
- alias/CVE-2009-0668
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/softwarecombine
- agent/event
- agent/description
- collector/nvd-cve
- source/NVD
- agent/author
- agent/tags
- collector/github-advisory
- vendor/zope
- canonical/zope zodb
- version/zope zodb/3.8.1
- version/zope zodb/3.2
- version/zope zodb/2.11.4
- version/zope zodb/2.9.11
- version/zope zodb/3.8.0
- version/zope zodb/3.5
- version/zope zodb/3.4
- version/zope zodb/3.1.1
- version/zope zodb/3.3
- version/zope zodb/3.7
- version/zope zodb/2.10.9
- version/zope zodb/3.1
- version/zope zodb/3.6
- version/zope zodb/3.2.4
- version/zope zodb/3.4.1
- version/zope zodb/3.3.3
- version/zope zodb/2.8.11
- package-manager/pip