sshpk is vulnerable to ReDoS when parsing crafted invalid public keys.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HJoyent Sshpk
APPJoyent≤ 1.13.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2020-27678CRITICAL9.8ten sam vendor
An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r1510...
CVE-2020-7712HIGH7.2ten sam vendor
This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup...
CVE-2017-16005HIGH7.5ten sam vendor
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-s...
CVE-2018-1171HIGH7.0ten sam vendor
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS...
CVE-2018-1166HIGH7.8ten sam vendor
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS...