Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
cryptography has incomplete DNS name constraint enforcement on peer names
Vulnerability Description
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6.
CVSS Information
N/A
Vulnerability Type
证书验证不恰当
Vulnerability Title
cryptography 信任管理问题漏洞
Vulnerability Description
cryptography是Python Cryptographic Authority开源的一个Python的加密库。 cryptography 46.0.6之前版本存在信任管理问题漏洞,该漏洞源于DNS名称约束仅针对子证书中的SAN进行验证,而未验证每次验证期间呈现的对等名称,可能导致对等名称绕过通配符叶证书的排除子树约束。
CVSS Information
N/A
Vulnerability Type
N/A