CVE-2009-2701
Zope Object Database (ZODB) Arbitrary files reading and deletion
CVSS 3.1: 9.8 CRITICAL
EPSS: 0.42%
Description
Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.
How to fix CVE-2009-2701
To remediate CVE-2009-2701, upgrade the affected package to one of the fixed versions listed below.
- —upgrade to 3.8.3 or later
- —upgrade to 3.8.3 or later
Is CVE-2009-2701 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 3.8, < 3.8.3
- >= 3.8, < 3.8.3, >= 3.9a0, < 3.9.0c2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N |
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |