exploitDog

GHSA-rmwh-8jrh-hc23

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.1

Описание

Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code

Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code

Ссылки

EPSS

Процентиль: 30%

0.00114

Низкий

8.1 High

CVSS3

CVE ID

Дефекты

CWE-295

CWE-494

Связанные уязвимости

CVE-2017-13083

CVSS3: 5.3

nvd

больше 8 лет назад

Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code

EPSS

Процентиль: 30%

0.00114

Низкий

8.1 High

CVSS3

CVE ID

Дефекты

CWE-295

CWE-494