Strix
26.1K

CVE-2023-49277

MEDIUMCVSS 6.1/10EPSS 0.52%

Last modified

CVE-2023-49277 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. dpaste is an open source pastebin application written in Python using the Django framework. A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. EPSS estimates a 0.52% chance of exploitation in the next 30 days.

Description

dpaste is an open source pastebin application written in Python using the Django framework. A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of a user's browser, potentially leading to unauthorized access, data theft, or other malicious activities. Users are strongly advised to upgrade to dpaste release v3.8 or later versions, as dpaste versions older than v3.8 are susceptible to the identified security vulnerability. No known workarounds have been identified, and applying the patch is the most effective way to remediate the vulnerability.

Metrics

CVSS 3.1
6.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Probability
0.52%

40.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
DarrennathanaelDpaste< 3.8

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-49277?
dpaste is an open source pastebin application written in Python using the Django framework. A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of a user's browser, potentially leading to unauthorized access, data theft, or other malicious activities. Users are strongly advised to upgrade to dpaste release v3.8 or later versions, as dpaste versions older than v3.8 are susceptible to the identified security vulnerability. No known workarounds have been identified, and applying the patch is the most effective way to remediate the vulnerability.
How severe is CVE-2023-49277?
CVE-2023-49277 has a CVSS score of 6.1/10 (MEDIUM severity). The EPSS model estimates a 0.52% probability of exploitation in the next 30 days.
How do I fix CVE-2023-49277?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-49277?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST