portage
PyPI
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting portage
- CVE-2013-2100 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 2.1.12.2 | 2014-09-29
The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists…
- CVE-2016-20021 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 3.0.47 | 2024-01-12
vulnerable: 3.0.18 ... 3.0.46 (33 versions)
In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerab…