GHSA-5jjr-gmq3-f986

Suggest an improvement
Source
https://github.com/advisories/GHSA-5jjr-gmq3-f986
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5jjr-gmq3-f986/GHSA-5jjr-gmq3-f986.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-5jjr-gmq3-f986
Aliases
Published
2022-05-02T06:15:08Z
Modified
2024-12-05T05:40:58.403214Z
Summary
MoinMoin has improper default configuration
Details

The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors.

Database specific
{
    "nvd_published_at": "2010-02-26T19:30:00Z",
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-29T11:18:54Z"
}
References

Affected packages

PyPI / moin

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.7

Affected versions

1.*

1.8.4
1.8.5
1.8.6