exploitDog

CVE-2023-50475

Опубликовано: 21 дек. 2023

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js.

Ссылки

https://github.com/bcoin-org/bcoin/issues/1174
Exploit
https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-50475.md
Third Party Advisory
https://github.com/bcoin-org/bcoin/issues/1174
Exploit
https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-50475.md
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bcoin:bcoin:2.2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00176

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-327

Связанные уязвимости

GHSA-jj93-39pf-7mcf

CVSS3: 9.1

github

около 2 лет назад

bsock uses weak hashing algorithms

EPSS

Процентиль: 39%

0.00176

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-327