{"id":"PYSEC-2009-9","details":"Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.","aliases":["CVE-2009-0669","GHSA-5432-c996-hvhj"],"modified":"2024-04-01T20:11:37.258525Z","published":"2009-08-07T19:30:00Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/36205"},{"type":"WEB","url":"http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html"},{"type":"WEB","url":"http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2"},{"type":"ADVISORY","url":"http://secunia.com/advisories/36204"},{"type":"WEB","url":"http://osvdb.org/56826"},{"type":"WEB","url":"http://www.securityfocus.com/bid/35987"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2009/2217"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/52379"}],"affected":[{"package":{"name":"zodb3","ecosystem":"PyPI","purl":"pkg:pypi/zodb3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.8.2"}]}],"versions":["3.1.5","3.2.10","3.3.1","3.4.2","3.5.0","3.5.1","3.6.0","3.7.0","3.7.2","3.8.0","3.8.0a1","3.8.0b1","3.8.0b2","3.8.0b3","3.8.0b4","3.8.0c1","3.8.1","3.8.1b1","3.8.1b2","3.8.1b3","3.8.1b4","3.8.1b5","3.8.1b6","3.8.1b7","3.8.1b8","3.8.1b9"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/zodb3/PYSEC-2009-9.yaml"}}],"schema_version":"1.7.3"}