PYSEC-2010-13

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2010-13.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2010-13

Aliases

CVE-2009-4762
GHSA-jj23-fj2v-m872

Published

2010-03-29T20:30:00Z

Modified

2024-04-29T15:26:38.859396Z

Summary

[none]

Details

MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.

References

http://www.vupen.com/english/advisories/2010/0600
http://moinmo.in/SecurityFixes
http://www.debian.org/security/2010/dsa-2014
http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2
http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2
http://www.securityfocus.com/bid/35277
http://secunia.com/advisories/39887
http://www.vupen.com/english/advisories/2010/1208
http://ubuntu.com/usn/usn-941-1

Affected packages

PyPI / moin

Package

Name: moin; View open source insights on deps.dev
Purl: pkg:pypi/moin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.7

Fixed

1.7.3

Introduced

1.8

Fixed

1.8.3