Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HybridAuth SSL Curl.php certificate validation
Vulnerability Description
A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curlOptions results in improper certificate validation. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
证书验证不恰当
Vulnerability Title
Hybridauth 信任管理问题漏洞
Vulnerability Description
Hybridauth是Hybridauth开源的一个基于Web 的认证和授权软件。 Hybridauth 3.12.2及之前版本存在信任管理问题漏洞,该漏洞源于对组件SSL Handler中文件src/HttpClient/Curl.php的参数curlOptions的错误操作,可能导致证书验证不当。
CVSS Information
N/A
Vulnerability Type
N/A