3 matches found
Malicious File Parsing
@finos/git-proxy is vulnerable to malicious file parsing. The vulnerability is due to improper PACK signature detection in parsePush.ts, which allows an attacker to embed misleading signatures in commit content and craft packet structures to bypass approval or hide commits...
Incorrect Signature Validation in LensHub Contract
Lines of code Vulnerability details Description The LensHub contract contains two functions, "setFollowModuleWithSig" and "setProfileImageURIWithSig," that allow users to set a follow module and profile image URI, respectively, for a profile using EIP712 signatures for verification. However, the...
Medium: python-rsa
Issue Overview: It was found that python-rsa is vulnerable to Bleichenbacher'06 attack, allowing attacker to fake signatures for any public key with low exponent. CVE-2016-1494 Affected Packages: python-rsa Issue Correction: Run yum update python-rsa or yum update --advisory ALAS-2016-644 to upda...