{
  "schema_version": "1.4.0",
  "id": "GHSA-w7j5-c963-67j3",
  "modified": "2022-05-24T16:48:16Z",
  "published": "2022-05-24T16:48:16Z",
  "aliases": [
    "CVE-2019-12875"
  ],
  "details": "Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key.",
  "severity": [],
  "affected": [],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12875"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sroracle/abuild/commit/4f90ce92778d0ee302e288def75591b96a397c8b"
    },
    {
      "type": "WEB",
      "url": "https://code.foxkit.us/adelie/packages/commit/15b160780c6eeff7048063c099a7f8757e1d8391"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190625-0005"
    }
  ],
  "database_specific": {
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-18T19:15:00Z"
  }
}