Moderate severityNVD Advisory· Published Nov 6, 2010· Updated Jun 16, 2026
CVE-2010-2477
CVE-2010-2477
Description
Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pastePyPI | < 1.7.4 | 1.7.4 |
Affected products
23cpe:2.3:a:pythonpaste:paste:*:*:*:*:*:*:*:*+ 21 more
- cpe:2.3:a:pythonpaste:paste:*:*:*:*:*:*:*:*range: <=1.7.3.1
- cpe:2.3:a:pythonpaste:paste:0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:pythonpaste:paste:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:pythonpaste:paste:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:pythonpaste:paste:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:pythonpaste:paste:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:pythonpaste:paste:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:pythonpaste:paste:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:pythonpaste:paste:0.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:pythonpaste:paste:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:pythonpaste:paste:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:pythonpaste:paste:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:pythonpaste:paste:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:pythonpaste:paste:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:pythonpaste:paste:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:pythonpaste:paste:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:pythonpaste:paste:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:pythonpaste:paste:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:pythonpaste:paste:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:pythonpaste:paste:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:pythonpaste:paste:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:pythonpaste:paste:1.7.3:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
14- marc.infonvdPatchWEB
- marc.infonvdPatchWEB
- github.com/advisories/GHSA-7gfc-2v6g-6w9fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2010-2477ghsaADVISORY
- groups.google.com/group/paste-users/browse_thread/thread/3b3fff3dadd0b1e5nvdWEB
- groups.google.com/group/pylons-discuss/msg/8c256dc076a408d8nvdWEB
- pylonshq.com/articles/archives/2010/6/paste_174_released_addresses_xss_security_holenvdWEB
- www.ubuntu.com/usn/USN-1026-1nvdWEB
- github.com/cdent/paste/commit/4910493c62f369a3222357af09450930e4c93f5eghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/paste/PYSEC-2010-29.yamlghsaWEB
- web.archive.org/web/20111227133546/http://secunia.com/advisories/42500ghsaWEB
- web.archive.org/web/20120527154041/http://www.securityfocus.com/bid/41160ghsaWEB
- secunia.com/advisories/42500nvd
- www.securityfocus.com/bid/41160nvd
News mentions
0No linked articles in our index yet.