Repository
docling-project/docling
Scanned on 17 Jun 2026
Risk score: 42 / 100 (Moderate risk)
Summary
The repository contains one critical finding related to a curl command that explicitly requires TLS 1.2 or higher but is part of a shell-script download pattern that could be manipulated. While the command itself enforces TLS 1.2 (not 1.0/1.1), using 'curl | sh' to install an external dependency presents a supply-chain risk. The affected code is a LaTeX backend engine component, with moderate business impact if compromised.
Critical: 1
High: 0
Medium: 0
Low: 0
Key findings
- Critical: TLS 1.0 / 1.1
  docling/backend/latex/engines/tectonic.py:86
  Evidence:
  "curl --proto '=https' --tlsv1.2 -fsSL https://drop-sh.fullyjustified.net | sh"