Windows TCP/IP Information Disclosure Vulnerability Windows Server Key Distribution Service Security Feature Bypass This issue has been patched in version 3.1.41. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. There is an incomplete fix for CVE-2023-40590. GitPython is a python library used to interact with Git repositories. The blockchain team takes the stance that running Creditcoin on Windows is officially unsupported and at best should be thought of as experimental. Collectively these dependencies are required for a large ecosystem of applications, ranging from enterprise-level security applications to game engines, and don’t represent a fundamental lack of security or oversight in the design and implementation of Creditcoin. The vulnerable DLL files are from the Windows networking subsystem, the Visual C++ runtime, and low-level cryptographic primitives. It is the view of the blockchain development team that the threat posed by a hypothetical binary planting attack is minimal and represents a low-security risk. If a malicious user has access to overwrite the program files directory it is possible to replace these DLLs and execute arbitrary code. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. Creditcoin is a network that enables cross-blockchain credit transactions.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |