Vulnerabilities > CVE-2019-1000014 - Unspecified vulnerability in Erlang Rebar3

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

erlang

NVD

Published: 2019-02-04

Updated: 2021-07-21

Summary

Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 3.8.0.

Vulnerable Configurations

Part	Description	Count
Application	Erlang Erlang Rebar3 3.7.0 Erlang Rebar3 3.7.1 Erlang Rebar3 3.7.2 Erlang Rebar3 3.7.3 Erlang Rebar3 3.7.4 Erlang Rebar3 3.7.5	6

References

https://github.com/erlang/rebar3/pull/1986