Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:33070
HistoryNov 23, 2021 - 8:30 a.m.

Content Spoofing

2021-11-2308:30:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
tusdotnet
content spoofing
vulnerability
sha-1
hash function

EPSS

0.001

Percentile

36.4%

tusdotnet is vulnerable to content spoofing. Remote attackers are able to conduct tampering attacks and alter the checksum which makes it possible to alter the file being uploaded itself. The vulnerability exists because tus client uses the SHA-1 hash function with weak collision resistance.

Affected configurations

Vulners
Node
tusdotnetMatch1.2.0
OR
tusdotnetMatch1.2.0
OR
tusdotnetRange2.5.0
VendorProductVersionCPE
*tusdotnet1.2.0cpe:2.3:a:*:tusdotnet:1.2.0:*:*:*:*:*:*:*
*tusdotnet*cpe:2.3:a:*:tusdotnet:*:*:*:*:*:*:*:*

EPSS

0.001

Percentile

36.4%

Related for VERACODE:33070