GHSA-p7xc-35m8-57pr

Source

https://github.com/advisories/GHSA-p7xc-35m8-57pr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-p7xc-35m8-57pr/GHSA-p7xc-35m8-57pr.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-p7xc-35m8-57pr

Aliases

Published

2018-07-13T15:17:14Z

Modified

2024-09-20T17:48:38.486496Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

FedMsg not properly completing message validation

Details

FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on.

Database specific

{
    "github_reviewed_at": "2020-06-16T21:48:31Z",
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-20"
    ],
    "nvd_published_at": null,
    "github_reviewed": true
}

References

Affected packages

PyPI / fedmsg

Package

Name: fedmsg; View open source insights on deps.dev
Purl: pkg:pypi/fedmsg

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.18.2

Affected versions

0.*

0.0.1a

0.0.1a2

0.0.1a3

0.0.1a4

0.0.1a5

0.0.1

0.0.2

0.0.3

0.0.4

0.0.5

0.0.6

0.0.7

0.0.8

0.0.9

0.1.0

0.1.1

0.1.2

0.1.3

0.1.4

0.1.5

0.1.6

0.1.7

0.1.8

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

0.2.6

0.2.7

0.2.8

0.2.9

0.3.0

0.3.1

0.3.2

0.3.3

0.3.4

0.3.5

0.3.6

0.3.7

0.3.8

0.3.9

0.4.0

0.4.1

0.5.0

0.5.1

0.5.2

0.5.3

0.5.4

0.5.5

0.5.6

0.6.0

0.6.1

0.6.2

0.6.3

0.6.4

0.6.5

0.6.6

0.6.7

0.6.8

0.7.0

0.7.1

0.7.2

0.7.3

0.7.4

0.7.5

0.7.6

0.7.7

0.8.0

0.9.0

0.9.1

0.9.2

0.9.3

0.10.0

0.11.0

0.11.1

0.12.0

0.12.1

0.12.2

0.12.3

0.13.0

0.13.1

0.13.2

0.13.3

0.14.0

0.14.1

0.15.0

0.16.0

0.16.1

0.16.2

0.16.3

0.16.4

0.17.0

0.17.1

0.17.2

0.18.0

0.18.1