CVE-2009-0668
zodb - several
9.8
CRITICAL
CVSS 3.1
EPSS 0.64%
Description
Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.
How to fix CVE-2009-0668
To remediate CVE-2009-0668, upgrade the affected package to one of the fixed versions listed below.
- Debian/zodb—upgrade to 1:3.8.2-1 or later
- —upgrade to 1:3.6.0-2+lenny3 or later
- —upgrade to 2.10.6-1+lenny1 or later
- —upgrade to 2.9.6-4etch2 or later
- —upgrade to 3.8.2 or later
- —upgrade to 3.8.2 or later
Is CVE-2009-0668 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (6)
- from 0, < 1:3.8.2-1
- from 0, < 1:3.6.0-2+lenny3
- from 0, < 2.10.6-1+lenny1
- from 0, < 2.9.6-4etch2
- from 0, < 3.8.2
- from 0, < 3.8.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N |
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |