GHSA-p7xc-35m8-57pr
Suggest an improvement- Source
- https://github.com/advisories/GHSA-p7xc-35m8-57pr
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-p7xc-35m8-57pr/GHSA-p7xc-35m8-57pr.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-p7xc-35m8-57pr
- Aliases
- Published
- 2018-07-13T15:17:14Z
- Modified
- 2024-09-20T17:48:38.486496Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- FedMsg not properly completing message validation
- Details
-
FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on.
- Database specific
{ "github_reviewed": true, "nvd_published_at": null, "github_reviewed_at": "2020-06-16T21:48:31Z", "severity": "HIGH", "cwe_ids": [ "CWE-20" ] }- References
Affected packages
PyPI / fedmsg
Package
- Name
- fedmsg
- View open source insights on deps.dev
- Purl
- pkg:pypi/fedmsg
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.18.2
Affected versions
0.*
0.0.1a
0.0.1a2
0.0.1a3
0.0.1a4
0.0.1a5
0.0.1
0.0.2
0.0.3
0.0.4
0.0.5
0.0.6
0.0.7
0.0.8
0.0.9
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.2.9
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9
0.4.0
0.4.1
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.8.0
0.9.0
0.9.1
0.9.2
0.9.3
0.10.0
0.11.0
0.11.1
0.12.0
0.12.1
0.12.2
0.12.3
0.13.0
0.13.1
0.13.2
0.13.3
0.14.0
0.14.1
0.15.0
0.16.0
0.16.1
0.16.2
0.16.3
0.16.4
0.17.0
0.17.1
0.17.2
0.18.0
0.18.1