Vulnerabilities > Pythonpaste
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-05-01 | CVE-2012-0878 | Permissions, Privileges, and Access Controls vulnerability in Pythonpaste Paste Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem. | 5.1 |
2010-11-06 | CVE-2010-2477 | Cross-Site Scripting vulnerability in Pythonpaste Paste Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound. | 4.3 |