High severityNVD Advisory· Published May 1, 2012· Updated Jun 16, 2026
CVE-2012-0878
CVE-2012-0878
Description
Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pastescriptPyPI | < 2.0.1 | 2.0.1 |
pastePyPI | < 1.7.5.1 | 1.7.5.1 |
Affected products
3- ghsa-coords2 versions
< 1.7.5.1+ 1 more
- (no CPE)range: < 1.7.5.1
- (no CPE)range: < 2.0.1
Patches
Vulnerability mechanics
References
13- www.openwall.com/lists/oss-security/2012/02/23/1nvdPatchWEB
- github.com/advisories/GHSA-27px-qpmj-qg38ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-0878ghsaADVISORY
- groups.google.com/group/paste-users/browse_thread/thread/2aa651ba331c2471nvdWEB
- rhn.redhat.com/errata/RHSA-2012-1206.htmlnvdWEB
- www.openwall.com/lists/oss-security/2012/02/23/4nvdWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- github.com/cdent/pastescript/commit/b5f36f2995e1ae117cc53d2bd458d7fb33e4cabeghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/paste/PYSEC-2012-15.yamlghsaWEB
- web.archive.org/web/20140723093519/http://secunia.com/advisories/50410ghsaWEB
- web.archive.org/web/20140803132259/http://secunia.com/advisories/48812ghsaWEB
- secunia.com/advisories/48812nvd
- secunia.com/advisories/50410nvd
News mentions
0No linked articles in our index yet.