—

PYSEC-2009-9

Details

Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / zodb3

Introduced in: 0 Fixed in: 3.8.2

Fix pip install --upgrade 'zodb3>=3.8.2'

References

http://secunia.com/advisories/36205 [ADVISORY]
http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html [WEB]
http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2 [WEB]
http://secunia.com/advisories/36204 [ADVISORY]
http://osvdb.org/56826 [WEB]
http://www.securityfocus.com/bid/35987 [WEB]
http://www.vupen.com/english/advisories/2009/2217 [ADVISORY]
https://exchange.xforce.ibmcloud.com/vulnerabilities/52379 [WEB]
https://github.com/advisories/GHSA-5432-c996-hvhj [ADVISORY]