—

PYSEC-2009-9

상세

Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / zodb3

최초 영향 버전: 0 수정 버전: 3.8.2

수정 pip install --upgrade 'zodb3>=3.8.2'

참고

http://secunia.com/advisories/36205 [ADVISORY]
http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html [WEB]
http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2 [WEB]
http://secunia.com/advisories/36204 [ADVISORY]
http://osvdb.org/56826 [WEB]
http://www.securityfocus.com/bid/35987 [WEB]
http://www.vupen.com/english/advisories/2009/2217 [ADVISORY]
https://exchange.xforce.ibmcloud.com/vulnerabilities/52379 [WEB]
https://github.com/advisories/GHSA-5432-c996-hvhj [ADVISORY]