File tree Expand file tree Collapse file tree 1 file changed +26
-0
lines changed
advisories/hackage/x509-validation Expand file tree Collapse file tree 1 file changed +26
-0
lines changed Original file line number Diff line number Diff line change 1+ ``` toml
2+ [advisory ]
3+ id = " HSEC-2023-0006"
4+ cwe = [295 ]
5+ keywords = [" x509" " pki"
6+
7+ [[affected ]]
8+ package = " x509-validation"
9+ cvss = " CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N"
10+
11+ [[affected .versions ]]
12+ introduced = " 1.4.0"
13+ fixed = " 1.4.8"
14+
15+ [[references ]]
16+ type = " FIX"
17+ url = " https://github.com/haskell-tls/hs-certificate/commit/06d15dbbc53739314760d8504ca764000770e46e"
18+ ```
19+
20+ # x509-validation does not enforce pathLenConstraint
21+
22+ * x509-validation* prior to version 1.4.8 did not enforce the
23+ pathLenConstraint value. Constrained CAs could accidentally (or
24+ deliberately) issue CAs below the maximum depth and
25+ * x509-validation* would accept certificates issued by the
26+ unauthorised intermediate CAs.
You can’t perform that action at this time.
0 commit comments