Skip to main content
CVE-2013-2100 CRITICAL POC PATCH Act Now

The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Portage
NVD
CVSS 2.0
9.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy