
    4 vulnerabilities by haskell

    CVE-2024-3566 (GCVE-0-2024-3566)

    Vulnerability from cvelistv5 – Published: 2024-04-10 15:22 – Updated: 2025-11-18 17:35
    VLAI
    Title
    Command injection vulnerability in programming languages on the Microsoft Windows operating system.
    Summary
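    A command injection vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when specific conditions are satisfied. The referenced advisories concern batch files (.bat/.cmd) launched with attacker-influenced arguments: CreateProcess hands these to cmd.exe, whose parsing rules differ from the argument escaping that language runtimes apply.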
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Node.js Node.js Affected: * , ≤ 21.7.2 (custom)
    Go Programming Language GoLang Affected: *
    Haskell Programming Language Haskel Affected: *
    nodejs nodejs Affected: 0 , ≤ 21.7.2 (custom)
        cpe:2.3:a:nodejs:nodejs:*:*:*:*:*:*:*:*
    haskell process_library Affected: 0 , < 1.6.19.0 (custom)
        cpe:2.3:a:haskell:process_library:*:*:*:*:*:*:*:*
    rust-lang rust Affected: 0 , < 1.77.2 (custom)
        cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*
    thephpgroup thephpgroup Affected: 0 , < * (custom)
        cpe:2.3:a:thephpgroup:thephpgroup:*:*:*:*:*:*:*:*
    yt-dlp_project yt-dlp Affected: 0 , < * (custom)
        cpe:2.3:a:yt-dlp_project:yt-dlp:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-18T17:35:41.547Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2024/CVE-2024-3566"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/123335"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cve.org/CVERecord?id=CVE-2024-24576"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cve.org/CVERecord?id=CVE-2024-1874"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cve.org/CVERecord?id=CVE-2024-22423"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/123335"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:nodejs:nodejs:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "nodejs",
                "vendor": "nodejs",
                "versions": [
                  {
                    "lessThanOrEqual": "21.7.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:haskell:process_library:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "process_library",
                "vendor": "haskell",
                "versions": [
                  {
                    "lessThan": "1.6.19.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "rust",
                "vendor": "rust-lang",
                "versions": [
                  {
                    "lessThan": "1.77.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:thephpgroup:thephpgroup:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "thephpgroup",
                "vendor": "thephpgroup",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:yt-dlp_project:yt-dlp:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "yt-dlp",
                "vendor": "yt-dlp_project",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3566",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-15T16:13:02.290928Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-22T18:25:43.487Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "Node.js",
              "vendor": "Node.js",
              "versions": [
                {
                  "lessThanOrEqual": "21.7.2",
                  "status": "affected",
                  "version": "*",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "GoLang",
              "vendor": "Go Programming Language",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "Haskel",
              "vendor": "Haskell Programming Language",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-10T15:26:52.009Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/"
            },
            {
              "url": "https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way"
            },
            {
              "url": "https://kb.cert.org/vuls/id/123335"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2024-24576"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2024-1874"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2024-22423"
            },
            {
              "url": "https://www.kb.cert.org/vuls/id/123335"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command injection vulnerability in programing languages on Microsoft Windows operating system.",
          "x_generator": {
            "engine": "VINCE 2.1.12",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-3566"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2024-3566",
        "datePublished": "2024-04-10T15:22:56.099Z",
        "dateReserved": "2024-04-10T04:58:27.982Z",
        "dateUpdated": "2025-11-18T17:35:41.547Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-4249 (GCVE-0-2021-4249)

    Vulnerability from cvelistv5 – Published: 2022-12-18 00:00 – Updated: 2025-04-15 13:00
    VLAI
    Title
    xml-conduit DOCTYPE Entity Expansion Parse.hs infinite loop
    Summary
    A vulnerability was found in xml-conduit. It has been classified as problematic. Affected is an unknown function of the file xml-conduit/src/Text/XML/Stream/Parse.hs of the component DOCTYPE Entity Expansion Handler. The manipulation leads to infinite loop. It is possible to launch the attack remotely. Upgrading to version 1.9.1.0 is able to address this issue. The name of the patch is 4be1021791dcdee8b164d239433a2043dc0939ea. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216204.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-404 - Denial of Service -> CWE-835 Infinite Loop
    Assigner
    Impacted products
    Vendor Product Version
    unspecified xml-conduit Affected: 0.5.0
    Affected: 0.5.0.1
    Affected: 0.5.1
    Affected: 0.5.1.1
    Affected: 0.5.1.2
    Affected: 0.5.2
    Affected: 0.5.3
    Affected: 0.5.3.1
    Affected: 0.5.4
    Affected: 0.6.0
    Affected: 0.6.1
    Affected: 0.7.0
    Affected: 0.7.0.1
    Affected: 0.7.0.2
    Affected: 0.7.0.3
    Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.1.1
    Affected: 1.0.2
    Affected: 1.0.2.1
    Affected: 1.0.3
    Affected: 1.0.3.1
    Affected: 1.0.3.2
    Affected: 1.0.3.3
    Affected: 1.1.0
    Affected: 1.1.0.1
    Affected: 1.1.0.2
    Affected: 1.1.0.3
    Affected: 1.1.0.4
    Affected: 1.1.0.5
    Affected: 1.1.0.6
    Affected: 1.1.0.7
    Affected: 1.1.0.8
    Affected: 1.1.0.9
    Affected: 1.2.0
    Affected: 1.2.0.1
    Affected: 1.2.0.2
    Affected: 1.2.0.3
    Affected: 1.2.1
    Affected: 1.2.1.1
    Affected: 1.2.2
    Affected: 1.2.3
    Affected: 1.2.3.1
    Affected: 1.2.3.2
    Affected: 1.2.3.3
    Affected: 1.2.4
    Affected: 1.2.5
    Affected: 1.2.5.1
    Affected: 1.2.6
    Affected: 1.3.0
    Affected: 1.3.1
    Affected: 1.3.2
    Affected: 1.3.3
    Affected: 1.3.3.1
    Affected: 1.3.4
    Affected: 1.3.4.1
    Affected: 1.3.4.2
    Affected: 1.3.5
    Affected: 1.4.0
    Affected: 1.4.0.1
    Affected: 1.4.0.2
    Affected: 1.4.0.3
    Affected: 1.4.0.4
    Affected: 1.5.0
    Affected: 1.5.1
    Affected: 1.6.0
    Affected: 1.7.0
    Affected: 1.7.0.1
    Affected: 1.7.1.0
    Affected: 1.7.1.1
    Affected: 1.7.1.2
    Affected: 1.8.0
    Affected: 1.8.0.1
    Affected: 1.9.0.0

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:23:09.863Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/snoyberg/xml/pull/161"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackage.haskell.org/package/xml-conduit-1.9.1.0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/snoyberg/xml/commit/4be1021791dcdee8b164d239433a2043dc0939ea"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.216204"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-4249",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T17:02:21.860887Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T13:00:10.630Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "xml-conduit",
              "vendor": "unspecified",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.5.0"
                },
                {
                  "status": "affected",
                  "version": "0.5.0.1"
                },
                {
                  "status": "affected",
                  "version": "0.5.1"
                },
                {
                  "status": "affected",
                  "version": "0.5.1.1"
                },
                {
                  "status": "affected",
                  "version": "0.5.1.2"
                },
                {
                  "status": "affected",
                  "version": "0.5.2"
                },
                {
                  "status": "affected",
                  "version": "0.5.3"
                },
                {
                  "status": "affected",
                  "version": "0.5.3.1"
                },
                {
                  "status": "affected",
                  "version": "0.5.4"
                },
                {
                  "status": "affected",
                  "version": "0.6.0"
                },
                {
                  "status": "affected",
                  "version": "0.6.1"
                },
                {
                  "status": "affected",
                  "version": "0.7.0"
                },
                {
                  "status": "affected",
                  "version": "0.7.0.1"
                },
                {
                  "status": "affected",
                  "version": "0.7.0.2"
                },
                {
                  "status": "affected",
                  "version": "0.7.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.2.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.0.3.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.3.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.6"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.7"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.8"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.9"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "status": "affected",
                  "version": "1.2.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.2.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.2.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.2.1"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2"
                },
                {
                  "status": "affected",
                  "version": "1.2.3"
                },
                {
                  "status": "affected",
                  "version": "1.2.3.1"
                },
                {
                  "status": "affected",
                  "version": "1.2.3.2"
                },
                {
                  "status": "affected",
                  "version": "1.2.3.3"
                },
                {
                  "status": "affected",
                  "version": "1.2.4"
                },
                {
                  "status": "affected",
                  "version": "1.2.5"
                },
                {
                  "status": "affected",
                  "version": "1.2.5.1"
                },
                {
                  "status": "affected",
                  "version": "1.2.6"
                },
                {
                  "status": "affected",
                  "version": "1.3.0"
                },
                {
                  "status": "affected",
                  "version": "1.3.1"
                },
                {
                  "status": "affected",
                  "version": "1.3.2"
                },
                {
                  "status": "affected",
                  "version": "1.3.3"
                },
                {
                  "status": "affected",
                  "version": "1.3.3.1"
                },
                {
                  "status": "affected",
                  "version": "1.3.4"
                },
                {
                  "status": "affected",
                  "version": "1.3.4.1"
                },
                {
                  "status": "affected",
                  "version": "1.3.4.2"
                },
                {
                  "status": "affected",
                  "version": "1.3.5"
                },
                {
                  "status": "affected",
                  "version": "1.4.0"
                },
                {
                  "status": "affected",
                  "version": "1.4.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.4.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.4.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.4.0.4"
                },
                {
                  "status": "affected",
                  "version": "1.5.0"
                },
                {
                  "status": "affected",
                  "version": "1.5.1"
                },
                {
                  "status": "affected",
                  "version": "1.6.0"
                },
                {
                  "status": "affected",
                  "version": "1.7.0"
                },
                {
                  "status": "affected",
                  "version": "1.7.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.7.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.7.1.1"
                },
                {
                  "status": "affected",
                  "version": "1.7.1.2"
                },
                {
                  "status": "affected",
                  "version": "1.8.0"
                },
                {
                  "status": "affected",
                  "version": "1.8.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.9.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in xml-conduit. It has been classified as problematic. Affected is an unknown function of the file xml-conduit/src/Text/XML/Stream/Parse.hs of the component DOCTYPE Entity Expansion Handler. The manipulation leads to infinite loop. It is possible to launch the attack remotely. Upgrading to version 1.9.1.0 is able to address this issue. The name of the patch is 4be1021791dcdee8b164d239433a2043dc0939ea. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216204."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "CWE-404 Denial of Service -\u003e CWE-835 Infinite Loop",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-18T00:00:00.000Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "url": "https://github.com/snoyberg/xml/pull/161"
            },
            {
              "url": "https://hackage.haskell.org/package/xml-conduit-1.9.1.0"
            },
            {
              "url": "https://github.com/snoyberg/xml/commit/4be1021791dcdee8b164d239433a2043dc0939ea"
            },
            {
              "url": "https://vuldb.com/?id.216204"
            }
          ],
          "title": "xml-conduit DOCTYPE Entity Expansion Parse.hs infinite loop",
          "x_generator": "vuldb.com"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2021-4249",
        "datePublished": "2022-12-18T00:00:00.000Z",
        "dateReserved": "2022-12-18T00:00:00.000Z",
        "dateUpdated": "2025-04-15T13:00:10.630Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3433 (GCVE-0-2022-3433)

    Vulnerability from cvelistv5 – Published: 2022-10-10 00:00 – Updated: 2024-08-03 01:07
    VLAI
    Summary
    The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a aeson Affected: "Fixed in 2.0.1.0" (free-text version value from the record; read as: versions before 2.0.1.0 are affected)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:07:06.587Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cs-syd.eu/posts/2021-09-11-json-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "aeson",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in 2.0.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-328",
                  "description": "CWE-328-\u003eCWE-400",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-10T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://cs-syd.eu/posts/2021-09-11-json-vulnerability"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-3433",
        "datePublished": "2022-10-10T00:00:00.000Z",
        "dateReserved": "2022-10-07T00:00:00.000Z",
        "dateUpdated": "2024-08-03T01:07:06.587Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-0243 (GCVE-0-2013-0243)

    Vulnerability from cvelistv5 – Published: 2019-12-05 15:16 – Updated: 2024-08-06 14:18
    VLAI
    Summary
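    haskell-tls-extra before 0.6.1 has a Basic Constraints attribute vulnerability that may lead to man-in-the-middle attacks on TLS connections. The X.509 Basic Constraints extension is what marks a certificate as a CA, so a validator that mishandles it can accept chains signed by non-CA certificates.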
    Severity
    No CVSS data available.
    CWE
    • constraints vulnerability
    Assigner
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T14:18:09.737Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2013-0243"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2013-0243"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/01/30/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "haskell-tls-extra",
              "vendor": "haskell-tls-extra",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.6.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "constraints vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-05T15:16:46.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2013-0243"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2013-0243"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/01/30/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-0243",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "haskell-tls-extra",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 0.6.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "haskell-tls-extra"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "constraints vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2013-0243",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2013-0243"
                },
                {
                  "name": "https://access.redhat.com/security/cve/cve-2013-0243",
                  "refsource": "MISC",
                  "url": "https://access.redhat.com/security/cve/cve-2013-0243"
                },
                {
                  "name": "http://www.openwall.com/lists/oss-security/2013/01/30/6",
                  "refsource": "MISC",
                  "url": "http://www.openwall.com/lists/oss-security/2013/01/30/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-0243",
        "datePublished": "2019-12-05T15:16:46.000Z",
        "dateReserved": "2012-12-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T14:18:09.737Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }