You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jun 1, 2022. It is now read-only.
A man in the middle attacker can potentially replace the zip file downloaded in https://github.com/hyperledger/quilt/blob/master/.circleci/config.yml as it traverses the network since a HTTP link is used:
curl -L --cookie 'oraclelicense=accept-securebackup-cookie;' http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip -o /tmp/jce_policy.zip
unzip -o /tmp/jce_policy.zip -d /tmp
sudo mv -f /tmp/UnlimitedJCEPolicyJDK8/US_export_policy.jar $JAVA_HOME/jre/lib/security/US_export_policy.jar
sudo mv -f /tmp/UnlimitedJCEPolicyJDK8/local_policy.jar $JAVA_HOME/jre/lib/security/local_policy.jar
additionally a local attacker can predict where the file will be written and potentially modify it /tmp/jce_policy.zip.
Suggestions:
The text was updated successfully, but these errors were encountered: