CVE-2010-2477

Name of the Vulnerable Software and Affected Versions Paste versions prior to 1.7.4

Description The issue involves multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific vectors, including those involving a 404 status code. The vulnerabilities are related to components such as paste.urlparser.StaticURLParser, paste.urlparser.PkgResourcesParser, paste.urlmap.URLMap, and HTTPNotFound.

Recommendations For versions prior to 1.7.4, update to version 1.7.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the paste.httpexceptions implementation until a patch is available. Avoid using the vulnerable components, such as paste.urlparser.StaticURLParser, paste.urlparser.PkgResourcesParser, paste.urlmap.URLMap, and HTTPNotFound, in sensitive operations until the issue is resolved.