GitHub Advisory DatabaseGHSA-M52M-2QPX-9J4JZope Object Database (ZODB) Arbitrary files reading and deletion
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
6.8 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
68.2%
Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.
Affected configurations
References
pypi.python.org/pypi/ZODB3/3.8.3
pypi.python.org/pypi/ZODB3/3.9.0c2
www.vupen.com/english/advisories/2009/2534
github.com/advisories/GHSA-m52m-2qpx-9j4j
github.com/pypa/advisory-database/tree/main/vulns/zodb3/PYSEC-2009-10.yaml
mail.zope.org/pipermail/zope-announce/2009-September/002221.html
nvd.nist.gov/vuln/detail/CVE-2009-2701
Related
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
6.8 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
68.2%