N/A

Hex package manager hex_core version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 0.4.0.

N/A

N/A

Hex package manager 输入验证错误漏洞

Hex package manager是一款用于Erlang生态系统的包管理器。 Hex package manager hex_core 0.3.0版本及之前版本中存在输入验证错误漏洞。攻击者可借助特制的包利用该漏洞执行代码。

N/A

N/A