VYPR
Critical severityNVD Advisory· Published Sep 8, 2009· Updated Jun 16, 2026

CVE-2009-2701

CVE-2009-2701

Description

Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ZODB3PyPI
>= 3.8, < 3.8.33.8.3
ZODB3PyPI
>= 3.9a0, < 3.9.0c23.9.0c2

Affected products

12
  • Zope/Zodb11 versions
    cpe:2.3:a:zope:zodb:3.8:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:zope:zodb:3.8:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zodb:3.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zodb:3.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zodb:3.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zodb:3.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zodb:3.9.0b1:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zodb:3.9.0b2:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zodb:3.9.0b3:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zodb:3.9.0b4:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zodb:3.9.0b5:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zodb:3.9.0c1:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 3.8, < 3.8.3

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.