CVE-2012-0878 – paste

Package

Manager: pip
Name: paste
Vulnerable Version: >=0 <1.7.5.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01239 pctl0.78469

Details

Paste Script has improper group memberships permissions Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem.

Metadata

Created: 2022-05-17T05:12:26Z
Modified: 2024-10-09T20:54:39Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-27px-qpmj-qg38/GHSA-27px-qpmj-qg38.json
CWE IDs: []
Alternative ID: GHSA-27px-qpmj-qg38
Finding: F159
Auto approve: 1