CVE-2009-2701: Zope Object Database (ZODB) Arbitrary files reading and deletion

May 2, 2022 (updated November 19, 2024)

Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.

References

github.com/advisories/GHSA-m52m-2qpx-9j4j
github.com/pypa/advisory-database/tree/main/vulns/zodb3/PYSEC-2009-10.yaml
github.com/zopefoundation/ZODB3
mail.zope.org/pipermail/zope-announce/2009-September/002221.html
nvd.nist.gov/vuln/detail/CVE-2009-2701

Code Behaviors & Features

Detect and mitigate CVE-2009-2701 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →