Unidirectional-Routing Protection Bypass in Mitogen Core.py

Unidirectional-Routing Protection Bypass in Mitogen Core.py

CVE-2019-15149 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected. NOTE: the vendor disputes this issue because it is exploitable only in conjunction with hypothetical other factors, i.e., an affected use case within a library caller, and a bug in the message receiver policy code that led to reliance on this extra protection mechanism

Learn more about our Web Application Penetration Testing UK.