Описание
Signify allows a remote attacker to escalate privileges via the signed_data.py and the context.py components
An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-70887
- https://github.com/mtrojnar/osslsigncode/issues/475
- https://github.com/ralphje/signify/issues/60
- https://github.com/mtrojnar/osslsigncode/pull/477
- https://github.com/ralphje/signify/commit/64f21c0cc06cea0536370686ca3ba7a01e4adaa8
- https://github.com/mtrojnar/osslsigncode/releases/tag/2.11
Пакеты
Наименование
signify
pip
Затронутые версииВерсия исправления
< 0.9.2
0.9.2
Связанные уязвимости
CVSS3: 8.8
nvd
14 дней назад
An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components
CVSS3: 8.8
debian
14 дней назад
An issue in ralphje Signify before v.0.9.2 allows a remote attacker to ...