Metrics
Affected Vendors & Products
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
Tue, 15 Oct 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Astroxnetwork
Astroxnetwork agent Dart |
|
CPEs | cpe:2.3:a:astroxnetwork:agent_dart:*:*:*:*:*:*:*:* | |
Vendors & Products |
Astroxnetwork
Astroxnetwork agent Dart |
|
Metrics |
cvssV3_1
|
Tue, 15 Oct 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Agent Dart is an agent library built for Internet Computer for Dart and Flutter apps. Prior to version 1.0.0-dev.29, certificate verification in `lib/agent/certificate.dart` does not occur properly. During the delegation verification in the `_checkDelegation` function, the canister_ranges aren't verified. The impact of not checking the canister_ranges is that a subnet can sign canister responses in behalf of another subnet. The certificate’s timestamp, i.e /time path, is also not verified, meaning that the certificate effectively has no expiration time. Version 1.0.0-dev.29 implements appropriate certificate verification. | |
Title | Agent Dart missing certificate verification checks | |
Weaknesses | CWE-295 | |
References |
|
|
Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-10-15T17:12:31.400Z
Updated: 2024-11-21T16:53:44.140Z
Reserved: 2024-10-09T22:06:46.172Z
Link: CVE-2024-48915
Updated: 2024-10-15T18:52:32.143Z
Status : Awaiting Analysis
Published: 2024-10-15T17:15:11.943
Modified: 2024-11-21T17:15:20.387
Link: CVE-2024-48915
No data.