CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-15149

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0230%
EPSS Percentile11.19th
Published2019年8月18日
Last Modified2024年11月21日

Vulnerability Description

core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected. NOTE: the vendor disputes this issue because it is exploitable only in conjunction with hypothetical other factors, i.e., an affected use case within a library caller, and a bug in the message receiver policy code that led to reliance on this extra protection mechanism

Affected Platforms (CPE)

📦
Networkgenomics

Mitogen

< 0.2.8

References & Advisories

🔗 https://github.com/dw/mitogen/commit/5924af1566763e48c42028399ea0cd95c457b3dc
🔗 https://mitogen.networkgenomics.com/changelog.html#v0-2-8-2019-08-18
🔗 https://github.com/dw/mitogen/commit/5924af1566763e48c42028399ea0cd95c457b3dc
🔗 https://mitogen.networkgenomics.com/changelog.html#v0-2-8-2019-08-18

相關漏洞威脅

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...

CVE-2019-002210.0

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full contro...

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

CVE-2019-623510.0

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12...