The following security vulnerabilities were found in our latest Gemini Central, version 3.1, based on the recent scan run on March 8th, 2023. Related fixes are scheduled to be available in our next release.
CentOS 7 : git (CESA-2023:0978) - Critical
git: gitattributes parsing integer overflow (CVE-2022-23521)
git: Heap overflow in `git archive`, `git log --format` leading to RCE (CVE-2022-41903)
SSL Certificate Cannot Be Trusted - Medium
- The server’s X.509 certificate cannot be trusted. Situations can occur in which the chain of trust can be broken. More information in the link below.
SSL Self-Signed Certificate - Medium
- The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Please reach out to our Support at email@example.com if you have any questions or concerns regarding this advisory.
Did you find it helpful?Send feedback