High severityNVD Advisory· Published Aug 7, 2009· Updated Apr 23, 2026

CVE-2009-0669

Description

Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
ZODB3PyPI	< 3.8.2	3.8.2

Affected products

Zope/Zodb3 versions
cpe:2.3:a:zope:zodb:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:zope:zodb:*:*:*:*:*:*:*:*range: <=3.8.1
- cpe:2.3:a:zope:zodb:3.8:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.8.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

pypi.python.org/pypi/ZODB3/3.8.2nvdPatchVendor AdvisoryWEB
secunia.com/advisories/36204nvdVendor Advisory
secunia.com/advisories/36205nvdVendor Advisory
github.com/advisories/GHSA-5432-c996-hvhjghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2009-0669ghsaADVISORY
mail.zope.org/pipermail/zope-announce/2009-August/002220.htmlnvdWEB
exchange.xforce.ibmcloud.com/vulnerabilities/52379nvdWEB
github.com/pypa/advisory-database/tree/main/vulns/zodb3/PYSEC-2009-9.yamlghsaWEB
osvdb.org/56826nvd
www.securityfocus.com/bid/35987nvd
www.vupen.com/english/advisories/2009/2217nvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000