CVE-2024-6299

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-6299

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-6299.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-6299

Published

2024-06-25T13:15:50Z

Modified

2025-01-08T06:52:14.181179Z

Severity

3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date

References

Affected packages

Git / gitlab.com/famedly/conduit

Affected ranges

Type: GIT
Repo: https://gitlab.com/famedly/conduit
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7a5b8930134cf7ea5ff9880e6fa468b2b3e05c98

Affected versions

v0.*

v0.2.0

v0.3.0

v0.4.0

v0.5.0

v0.6.0

v0.7.0