CVE-2019-15149

Опубликовано: 18 авг. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 6.8

EPSS Низкий

Описание

core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected. NOTE: the vendor disputes this issue because it is exploitable only in conjunction with hypothetical other factors, i.e., an affected use case within a library caller, and a bug in the message receiver policy code that led to reliance on this extra protection mechanism

Ссылки

https://github.com/dw/mitogen/commit/5924af1566763e48c42028399ea0cd95c457b3dc
Patch
Third Party Advisory
https://mitogen.networkgenomics.com/changelog.html#v0-2-8-2019-08-18
Release Notes
https://github.com/dw/mitogen/commit/5924af1566763e48c42028399ea0cd95c457b3dc
Patch
Third Party Advisory
https://mitogen.networkgenomics.com/changelog.html#v0-2-8-2019-08-18
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:networkgenomics:mitogen:*:*:*:*:*:*:*:*

Версия до 0.2.8 (исключая)

EPSS

Процентиль: 62%

0.00433

Низкий

9.8 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-254

Связанные уязвимости

GHSA-8rf6-w2mx-4xjh