First published: Tue May 25 2021
libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/libgrss | <=0.7.0-2 | |
Gnome Libgrss | <=0.7.0 | |
The vulnerability ID for this issue is CVE-2016-20011.
The severity level of CVE-2016-20011 is high with a CVSS score of 7.5.
CVE-2016-20011 occurs because of the default behavior of SoupSessionSync in libgrss through 0.7.0.
The impact of CVE-2016-20011 is that it allows remote attackers to manipulate the contents of feeds without detection.
No specific remediation steps are mentioned for CVE-2016-20011.
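An added example, not part of the original advisory and not libgrss code: a heuristic source audit that flags libsoup 2.4 `SoupSessionSync`/`SoupSessionAsync` constructor calls that configure no CA store, the condition under which these deprecated session classes accept any server certificate. The property names come from the libsoup 2.4 API rather than from this page, and the C snippet being scanned is constructed sample input.

```python
import re

# Constructors of the deprecated libsoup 2.4 session subclasses. With no CA
# file or TLS database configured, they accept any server certificate.
CONSTRUCTORS = re.compile(r"\b(soup_session_(?:sync|async)_new(?:_with_options)?)\s*\(")

# libsoup 2.4 properties that give a session a trust store (macro and string
# spellings). Assumption: properties set later through g_object_set() are not
# tracked, so every hit is a candidate for manual review.
TRUST_OPTIONS = (
    "SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE", "ssl-use-system-ca-file",
    "SOUP_SESSION_SSL_CA_FILE", "ssl-ca-file",
    "SOUP_SESSION_TLS_DATABASE", "tls-database",
)


def call_arguments(source, open_paren):
    """Return the text between the '(' at open_paren and its matching ')'."""
    depth = 0
    for i in range(open_paren, len(source)):
        depth += {"(": 1, ")": -1}.get(source[i], 0)
        if depth == 0:
            return source[open_paren + 1:i]
    return source[open_paren + 1:]  # unbalanced input: take the rest


def find_unverified_sessions(source):
    """Return (line_number, constructor) for calls that set no trust store."""
    findings = []
    for m in CONSTRUCTORS.finditer(source):
        args = call_arguments(source, m.end() - 1)
        if not any(opt in args for opt in TRUST_OPTIONS):
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(1)))
    return findings


# Constructed sample input (not taken from libgrss).
SAMPLE = """\
SoupSession *a = soup_session_sync_new ();
SoupSession *b = soup_session_sync_new_with_options (
    SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
    SOUP_SESSION_SSL_STRICT, TRUE, NULL);
SoupSession *c = soup_session_async_new_with_options (
    SOUP_SESSION_TIMEOUT, 30, NULL);
"""

if __name__ == "__main__":
    print(find_unverified_sessions(SAMPLE))
```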