CVE-2009-0669: Zope Object Database (ZODB) Authentication bypass in ZEO storage servers

May 2, 2022 (updated November 19, 2024)

Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.

References

exchange.xforce.ibmcloud.com/vulnerabilities/52379
github.com/advisories/GHSA-5432-c996-hvhj
github.com/pypa/advisory-database/tree/main/vulns/zodb3/PYSEC-2009-9.yaml
github.com/zopefoundation/ZODB3
nvd.nist.gov/vuln/detail/CVE-2009-0669

Code Behaviors & Features

Detect and mitigate CVE-2009-0669 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →