漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack
Vulnerability Description
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attack. This vulnerability results from the use of an outdated and insecure padding scheme during RSA encryption. A malicious actor with access to an oracle system can exploit this flaw by iteratively submitting modified ciphertexts and analyzing responses to infer the plaintext without possessing the private key. This issue has been patched in version 3.47.1.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
conda-forge conda-smithy 信息泄露漏洞
Vulnerability Description
conda-forge conda-smithy是conda-forge开源的一个用于管理康达锻造原料的工具。 conda-forge conda-smithy 3.47.1之前版本存在信息泄露漏洞,该漏洞源于travis_encrypt_binstar_token实现存在Oracle Padding攻击风险。
CVSS Information
N/A
Vulnerability Type
N/A