CVE-2019-1000014
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 3.8.0.
Erlang/OTP Rebar3, desde la versión 3.7.0 hasta la 3.7.5, contiene una vulnerabilidad de oráculo de firma en la verificación de registros de paquetes que puede resultar en que no se detecten modificaciones en los paquetes, lo que permite la ejecución de código. El ataque parece ser explotable mediante una víctima que recupere paquetes desde un mirror malicioso/comprometido. La vulnerabilidad parece haber sido solucionada en la versión 3.8.0.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-15 CVE Reserved
- 2019-02-04 CVE Published
- 2023-03-16 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://github.com/erlang/rebar3/pull/1986 | Issue Tracking |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Erlang Search vendor "Erlang" | Rebar3 Search vendor "Erlang" for product "Rebar3" | >= 3.7.0 <= 3.7.5 Search vendor "Erlang" for product "Rebar3" and version " >= 3.7.0 <= 3.7.5" | - |
Affected
|