Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
immundb has insufficient verification of data authenticity
Vulnerability Description
immudb is a database with built-in cryptographic proof and verification. In versions prior to 1.4.1, a malicious immudb server can provide a falsified proof that will be accepted by the client SDK signing a falsified transaction replacing the genuine one. This situation can not be triggered by a genuine immudb server and requires the client to perform a specific list of verified operations resulting in acceptance of an invalid state value. This vulnerability only affects immudb client SDKs, the immudb server itself is not affected by this vulnerability. This issue has been patched in version 1.4.1.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
immudb 数据伪造问题漏洞
Vulnerability Description
immudb是CodeNotary开源的一个基于零信任、SQL 和键值、防篡改、数据更改历史的不可变数据库。 immudb 1.4.1之前版本存在数据伪造问题漏洞,该漏洞源于恶意服务器可以提供伪造的证明,客户端SDK接受该证明之后会签署一个伪造的交易以取代真实的交易。
CVSS Information
N/A
Vulnerability Type
N/A