GHSA-m52m-2qpx-9j4j

Suggest an improvement
Source
https://github.com/advisories/GHSA-m52m-2qpx-9j4j
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m52m-2qpx-9j4j/GHSA-m52m-2qpx-9j4j.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m52m-2qpx-9j4j
Aliases
Published
2022-05-02T03:37:58Z
Modified
2024-04-22T19:26:32.029927Z
Summary
Zope Object Database (ZODB) Arbitrary files reading and deletion
Details

Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.

References

Affected packages

PyPI / zodb3

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.8
Fixed
3.8.3

Affected versions

3.*

3.8.0
3.8.1b1
3.8.1b2
3.8.1b3
3.8.1b4
3.8.1b5
3.8.1b6
3.8.1b7
3.8.1b8
3.8.1b9
3.8.1
3.8.2
3.8.3b1

PyPI / zodb3

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.9a0
Fixed
3.9.0c2

Affected versions

3.*

3.9.0a1
3.9.0a2
3.9.0a3
3.9.0a4
3.9.0a5
3.9.0a6
3.9.0a7
3.9.0a9
3.9.0a10
3.9.0a11
3.9.0a12
3.9.0b1
3.9.0b2
3.9.0b3
3.9.0b4
3.9.0b5
3.9.0c1