Описание
Sparkle Signing Checks Bypass
A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.
Пакеты
github.com/sparkle-project/Sparkle
<= 2.6.3
2.6.4
Связанные уязвимости
A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.
A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.
A security issue was found in Sparkle before version 2.6.4. An attacke ...
Уязвимость фреймворка Sparkle программной платформы Oracle Java SE, связанная с раскрытием файлов или каталогов внешним сторонам, позволяющая нарушителю обойти проверку подписи (Ed)DSA и получить полный контроль над приложением