exploitDog

GHSA-pxm9-cf3x-rrc5

Опубликовано: 12 дек. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 7.2

Описание

A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages.

A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages.

Ссылки

EPSS

Процентиль: 19%

0.00061

Низкий

7.2 High

CVSS3

CVE ID

Дефекты

CWE-354

Связанные уязвимости

CVE-2023-36650

CVSS3: 7.2

nvd

около 2 лет назад

A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages.

EPSS

Процентиль: 19%

0.00061

Низкий

7.2 High

CVSS3

CVE ID

Дефекты

CWE-354