CVE-2017-1000001: FedMsg not properly completing message validation

July 13, 2018 (updated September 20, 2024)

FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on.

References

github.com/advisories/GHSA-p7xc-35m8-57pr
github.com/fedora-infra/fedmsg
github.com/fedora-infra/fedmsg/blob/0.18.2/CHANGELOG.rst
github.com/pypa/advisory-database/tree/main/vulns/fedmsg/PYSEC-2017-13.yaml
nvd.nist.gov/vuln/detail/CVE-2017-1000001

Detect and mitigate CVE-2017-1000001 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →