Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-rhxf-5pw9-q4gm

Опубликовано: 13 мая 2022
Источник: github
Github: Не прошло ревью
CVSS3: 8.8

Описание

Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 0.19.

Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 0.19.

Ссылки

EPSS

Процентиль: 46%
0.00233
Низкий

8.8 High

CVSS3

CVE ID

CVE-2019-1000012

Дефекты

CWE-345

Связанные уязвимости

nvd логотип

CVE-2019-1000012

CVSS3: 8.8
nvd
около 7 лет назад

Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 0.19.

fstec логотип

BDU:2019-03899

CVSS3: 8.8
fstec
около 7 лет назад

Уязвимость менеджера пакетов Hex, связанная с недостаточной проверкой вводимых данных, позволяющая выполнить произвольный код

EPSS

Процентиль: 46%
0.00233
Низкий

8.8 High

CVSS3

CVE ID

CVE-2019-1000012

Дефекты

CWE-345