PT-2019-11266 · Erlang/OTP · Rebar3
Published: 2019-02-04 · Updated: 2021-07-21 · CVE-2019-1000014
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Erlang/OTP Rebar3 versions 3.7.0 through 3.7.5
Description:
The issue is a signing oracle vulnerability in package registry verification that can result in package modifications going undetected, which allows code execution. The attack is exploitable when a victim fetches packages from a malicious or compromised mirror.
Recommendations:
For versions 3.7.0 through 3.7.5, update to version 3.8.0 to resolve the issue.
Affected Products
Rebar3