PT-2023-31144 · Dpaste · Dpaste

Published: 2023-12-01 · Updated: 2023-12-06 · CVE-2023-49277

CVSS v3.1: 8.3 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
Name of the Vulnerable Software and Affected Versions: dpaste versions prior to v3.8

Description: A security issue has been identified in the expires parameter of the dpaste API, allowing a reflected XSS attack via a POST request. An attacker can exploit this to execute arbitrary JavaScript in the context of a user's browser, potentially leading to unauthorized access, data theft, or other malicious activity.

Recommendations: For dpaste versions prior to v3.8, upgrade to dpaste release v3.8 or a later version to remediate the vulnerability. As a temporary workaround, consider restricting access to the expires parameter of the dpaste API until the patch is applied. No other workarounds have been identified; applying the patch is the most effective way to resolve the issue.
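The root cause class described above is a request parameter whose value is reflected into a response without being constrained or escaped. The following Python is an added example, not dpaste's own code and not its real option names: it shows the two defensive steps a patch for this kind of issue typically applies, validating the expires value against a fixed allowlist and HTML-escaping anything that is echoed back to the client. The allowlist values, function names and the simulated handler are assumptions constructed for illustration.

```python
# Added example (not dpaste's own code): allowlist validation plus output
# escaping for a reflected request parameter such as 'expires'.
import html

# Constructed allowlist of accepted expiry choices (assumed, not dpaste's).
ALLOWED_EXPIRES = ("onetime", "never", "3600", "86400", "604800")


def normalise_expires(value):
    """Return the expiry choice if it is on the allowlist, else None.

    The parameter is only ever compared against known strings, so an
    untrusted value is never used as-is in a template, log line or
    error body."""
    if value is None:
        return None
    value = value.strip().lower()
    return value if value in ALLOWED_EXPIRES else None


def render_error(value):
    """Build an HTML error fragment that safely echoes the rejected input.

    html.escape converts <, >, &, and both quote characters, so the
    reflected string becomes inert text rather than live markup."""
    return "<p>Invalid expires value: {}</p>".format(
        html.escape(value, quote=True)
    )


def handle_expires_param(value):
    """Simulate server-side handling of a POSTed 'expires' field.

    Returns (status_code, body). A valid choice is accepted; anything
    else is rejected with an escaped echo of the submitted value."""
    choice = normalise_expires(value)
    if choice is None:
        return 400, render_error(value if value is not None else "")
    # 'choice' is one of our own constants, but escaping it anyway keeps
    # the rule simple: everything written into HTML goes through escape().
    return 200, "<p>Expiry set to {}</p>".format(html.escape(choice))


if __name__ == "__main__":
    # Constructed inputs: one valid choice and one carrying HTML tags.
    for sample in ("onetime", "<b>1</b>"):
        print(handle_expires_param(sample))
```

The allowlist is the stronger of the two controls: once the parameter can only take a handful of known values, there is nothing attacker-controlled left to reflect. The escaping step is the safety net for the error path, where the rejected input is echoed back and a missing escape would recreate the reflected XSS.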

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

CVE-2023-49277
GHSA-R8J9-5CJ7-CV39

Affected Products

Dpaste