CVE-2009-0668

Zope Object Database < 3.8.2 - Remote Code Execution via ZEO Network Protocol

Title source: llm
STIX 2.1

Description

Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.

References (8)

Core 8
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2217
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36204
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/52377
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36205
Various Sources mailing-list x_refsource_mlist
http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/56827
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35987

Scores

EPSS 0.0216
EPSS Percentile 80.0%

Details

CWE
CWE-94
Status published
Products (18)
pypi/ZODB3 0 - 3.8.2PyPI
zope/zodb 2.8.11
zope/zodb 2.9.11
zope/zodb 2.10.9
zope/zodb 2.11.4
zope/zodb 3.1
zope/zodb 3.1.1
zope/zodb 3.2
zope/zodb 3.2.4
zope/zodb 3.3
... and 8 more
Published Aug 07, 2009
Tracked Since Feb 18, 2026