CyberSec.Space Logo
Back to CVE Browser

CVE-2019-15149

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0230%
EPSS Percentile11.19th
PublishedAug 18, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected. NOTE: the vendor disputes this issue because it is exploitable only in conjunction with hypothetical other factors, i.e., an affected use case within a library caller, and a bug in the message receiver policy code that led to reliance on this extra protection mechanism

Affected Platforms (CPE)

πŸ“¦
Networkgenomics

Mitogen

< 0.2.8

References & Advisories

πŸ”— https://github.com/dw/mitogen/commit/5924af1566763e48c42028399ea0cd95c457b3dc
πŸ”— https://mitogen.networkgenomics.com/changelog.html#v0-2-8-2019-08-18
πŸ”— https://github.com/dw/mitogen/commit/5924af1566763e48c42028399ea0cd95c457b3dc
πŸ”— https://mitogen.networkgenomics.com/changelog.html#v0-2-8-2019-08-18

Related Vulnerabilities

CVE-2019-700310.0

A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execu...

CVE-2019-1170810.0

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the no...

CVE-2019-1095910.0

BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does...

CVE-2019-1664910.0

On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual med...