Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
glance 输入验证错误漏洞
Vulnerability Description
glance是nlpweb开源的一个字典可视化存储库。 glance 0.10.0之前版本存在输入验证错误漏洞。该漏洞源于程序没有正确地检验preverify_ok值,从而导致服务器主机名无法对主题的Common Name中的域名或X.509证书的subjectAltName字段中的域名进行验证。中间人攻击者可借助任意有效证书利用该漏洞欺骗SSL服务器。
CVSS Information
N/A
Vulnerability Type
N/A