Vulnerabilities (CVE)

Filtered by vendor Pythonpaste Subscribe
Filtered by product Paste
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-0878 1 Pythonpaste 1 Paste 2024-11-21 5.1 MEDIUM N/A
Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem.
CVE-2010-2477 1 Pythonpaste 1 Paste 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound.