Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Agent Dart missing certificate verification checks
Vulnerability Description
Agent Dart is an agent library built for Internet Computer for Dart and Flutter apps. Prior to version 1.0.0-dev.29, certificate verification in `lib/agent/certificate.dart` does not occur properly. During the delegation verification in the `_checkDelegation` function, the canister_ranges aren't verified. The impact of not checking the canister_ranges is that a subnet can sign canister responses in behalf of another subnet. The certificate’s timestamp, i.e /time path, is also not verified, meaning that the certificate effectively has no expiration time. Version 1.0.0-dev.29 implements appropriate certificate verification.
CVSS Information
N/A
Vulnerability Type
证书验证不恰当
Vulnerability Title
Agent Dart 信任管理问题漏洞
Vulnerability Description
Agent Dart是AstroxNetwork开源的一个为 Dart 和 Flutter 应用程序的互联网计算机构建的代理库。 Agent Dart 1.0.0-dev.29版本之前存在信任管理问题漏洞,该漏洞源于lib/agent/certificate.dart中的证书验证无法正常进行。
CVSS Information
N/A
Vulnerability Type
N/A