libgrss up to and including 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote malicious users to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnome libgrss |