MidnightBSD

Advisories for pythonpaste

CVE-2010-2477 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
pythonpaste paste *
pythonpaste paste 0.3
pythonpaste paste 1.7.1
pythonpaste paste 1.7.3
pythonpaste paste 0.9.1
pythonpaste paste 0.5
pythonpaste paste 1.4.2
pythonpaste paste 1.7
pythonpaste paste 1.2
pythonpaste paste 1.7.2
pythonpaste paste 1.0.1
pythonpaste paste 0.9.4
pythonpaste paste 1.3
pythonpaste paste 1.6
pythonpaste paste 1.1.1
pythonpaste paste 1.5
pythonpaste paste 0.1.0
pythonpaste paste 1.1
pythonpaste paste 1.4
pythonpaste paste 0.4.1
pythonpaste paste 0.9.3
pythonpaste paste 0.9.2
CVE-2012-0878 MEDIUM

Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
pythonpaste paste *