Описание
Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another.
EPSS
Процентиль: 11%
0.00038
Низкий
6.3 Medium
CVSS3
Дефекты
CWE-290
Связанные уязвимости
CVSS3: 6.3
ubuntu
больше 1 года назад
Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another.
CVSS3: 6.3
debian
больше 1 года назад
Applications that use spring-boot-loaderor spring-boot-loader-classica ...
EPSS
Процентиль: 11%
0.00038
Низкий
6.3 Medium
CVSS3
Дефекты
CWE-290