Channel Accessible by Non-Endpoint ('Man-in-the-Middle') Affecting github.com/edgelesssys/marblerun/cli/internal/cmd package, versions <1.4.0


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-GOLANG-GITHUBCOMEDGELESSSYSMARBLERUNCLIINTERNALCMD-7814224
  • published23 Aug 2024
  • disclosed21 Aug 2024
  • creditUnknown

Introduced: 21 Aug 2024

CVE NOT AVAILABLE CWE-300  (opens in a new tab)

How to fix?

Upgrade github.com/edgelesssys/marblerun/cli/internal/cmd to version 1.4.0 or higher.

Overview

Affected versions of this package are vulnerable to Channel Accessible by Non-Endpoint ('Man-in-the-Middle') through the CLI commands. An attacker can intercept and alter the communications by exploiting the lack of proper verification of the communication channel.

CVSS Scores

version 4.0
version 3.1