exploitDog

GHSA-9r9h-rjvp-wrff

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.

Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.

Ссылки

EPSS

Процентиль: 32%

0.00122

Низкий

CVE ID

Дефекты

CWE-347

Связанные уязвимости

CVE-2020-36285

CVSS3: 7.5

nvd

почти 5 лет назад

Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.

EPSS

Процентиль: 32%

0.00122

Низкий

CVE ID

Дефекты

CWE-347