{"id":"PYSEC-2010-3","details":"The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors.","aliases":["CVE-2010-0717","GHSA-5jjr-gmq3-f986"],"modified":"2024-04-29T11:56:29.824448Z","published":"2010-02-26T19:30:00Z","references":[{"type":"WEB","url":"http://moinmo.in/MoinMoinRelease1.8"},{"type":"WEB","url":"http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2010/02/15/2"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2010/0600"},{"type":"ADVISORY","url":"http://www.debian.org/security/2010/dsa-2014"},{"type":"ADVISORY","url":"http://secunia.com/advisories/38903"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/56595"}],"affected":[{"package":{"name":"moin","ecosystem":"PyPI","purl":"pkg:pypi/moin"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.7"}]}],"versions":["1.8.4","1.8.5","1.8.6"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2010-3.yaml"}}],"schema_version":"1.7.3"}