CVE-2024-41265

描述

cortex establishes TLS connections with `InsecureSkipVerify` set to `true` in github.com/cortexproject/cortex

受影響套件(2)

• Go/github.com/cortexlabs/cortexfrom 0
• Go/github.com/cortexproject/cortexfrom 0, <= 0.42.1

CVSS 分數

參考連結(5)

• ADVISORYhttps://github.com/advisories/GHSA-vw7g-3cc7-7rmh
• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-41265
• PATCHhttps://github.com/cortexproject/cortex
• WEBhttps://gist.github.com/nyxfqq/1a8237f3f9cf793c6433f08b17d1593c
• WEBhttps://pkg.go.dev/vuln/GO-2024-3036