CVE-2010-0717 — MoinMoin has improper default configuration

Description

The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors.

How to fix CVE-2010-0717

To remediate CVE-2010-0717, upgrade the affected package to a fixed version below.

PyPI/moin—upgrade to 1.8.7 or later
PyPI/moin—upgrade to 1.8.7 or later

Is CVE-2010-0717 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 1.8.7
from 0, < 1.8.7

References (12)

ADVISORYsecunia.com/advisories/38903
ADVISORYgithub.com/advisories/GHSA-5jjr-gmq3-f986
ADVISORYnvd.nist.gov/vuln/detail/CVE-2010-0717
PATCHgithub.com/moinwiki/moin
WEBhg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES