VYPR

PyPI package

paste

pkg:pypi/paste

Vulnerabilities (2)

  • CVE-2012-0878May 1, 2012
    affected < 1.7.5.1fixed 1.7.5.1

    Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem.

  • CVE-2010-2477Nov 6, 2010
    affected < 1.7.4fixed 1.7.4

    Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.ur