Drenso / symfony-oidc

This project contains the Symfony OIDC bundle, which is directly based on https://github.com/jumbojett/OpenID-Connect-PHP
Apache License 2.0

phpseclib contains security issues and requires update to 2.0.47 and 3.0.36 #51

Closed MKriener closed 8 months ago

MKriener commented 8 months ago

phpseclib contains the following security issues and needs to be pinned to the versions ^2.0.47 and ^3.0.36.

+-------------------+----------------------------------------------------------------------------------+
| Package           | phpseclib/phpseclib                                                              |
| Severity          | high                                                                             |
| CVE               | CVE-2024-27354                                                                   |
| Title             | phpseclib a large prime can cause a denial of service                            |
| URL               | https://github.com/advisories/GHSA-hg35-mp25-qf6h                                |
| Affected versions | >=3.0.0,<3.0.36|>=2.0.0,<2.0.47|>=1.0.0,<1.0.23                                  |
| Reported at       | 2024-03-02T00:31:33+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+
+-------------------+----------------------------------------------------------------------------------+
| Package           | phpseclib/phpseclib                                                              |
| Severity          | high                                                                             |
| CVE               | CVE-2024-27355                                                                   |
| Title             | phpseclib does not properly limit the ASN1 OID length                            |
| URL               | https://github.com/advisories/GHSA-jr22-8qgm-4q87                                |
| Affected versions | >=2.0.0,<2.0.47|>=3.0.0,<3.0.36|<1.0.23                                          |
| Reported at       | 2024-03-02T00:31:33+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+

https://github.com/phpseclib/phpseclib/blob/2.0.47/CHANGELOG.md https://github.com/phpseclib/phpseclib/blob/3.0.36/CHANGELOG.md
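The affected-version expressions in the tables above use the advisory syntax where `|` separates alternative ranges and `,` ANDs the clauses inside one range. The following script is an added example (not part of this issue, the bundle, or phpseclib) that checks a `composer.lock` against exactly those expressions, so a maintainer can confirm whether an installed phpseclib pin is in a vulnerable range before and after bumping the constraint. The `composer.lock` fragment is constructed for the demonstration, and the version parser is a deliberately simple one that ignores pre-release and build suffixes.

```python
"""Check a composer.lock against the phpseclib advisory ranges quoted in this issue."""
import json
import re

# Affected-version expressions copied verbatim from the advisory tables in the issue.
ADVISORIES = {
    "CVE-2024-27354": ">=3.0.0,<3.0.36|>=2.0.0,<2.0.47|>=1.0.0,<1.0.23",
    "CVE-2024-27355": ">=2.0.0,<2.0.47|>=3.0.0,<3.0.36|<1.0.23",
}

# Constructed composer.lock fragment (not from the repository): one vulnerable
# phpseclib 2.x pin plus an unrelated package that must be ignored.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "phpseclib/phpseclib", "version": "2.0.46"},
        {"name": "symfony/http-kernel", "version": "v6.4.5"},
    ]
})

_OPS = {
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
    "=": lambda a, b: a == b,
}


def parse_version(text):
    """Turn 'v2.0.46' or '3.0.36' into a comparable tuple of ints.

    Pre-release and build suffixes are ignored (assumption: plain release tags).
    """
    m = re.match(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) < 3:  # pad '2.0' to (2, 0, 0)
        parts.append(0)
    return tuple(parts)


def matches_clause(version, clause):
    """Evaluate one clause such as '<2.0.47' against an already-parsed version tuple."""
    m = re.fullmatch(r"(>=|<=|>|<|=)?\s*(\S+)", clause.strip())
    if not m:
        raise ValueError(f"bad clause: {clause!r}")
    op = m.group(1) or "="
    return _OPS[op](version, parse_version(m.group(2)))


def is_affected(version_text, expr):
    """True if version_text falls inside any '|'-separated range of expr.

    Within a range, ','-separated clauses must all hold.
    """
    version = parse_version(version_text)
    return any(
        all(matches_clause(version, clause) for clause in rng.split(","))
        for rng in expr.split("|")
    )


def audit_lock(lock_json, advisories=ADVISORIES, package="phpseclib/phpseclib"):
    """Return [(cve, installed_version), ...] for every advisory matching the locked package."""
    lock = json.loads(lock_json)
    findings = []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") != package:
            continue
        for cve, expr in advisories.items():
            if is_affected(pkg["version"], expr):
                findings.append((cve, pkg["version"]))
    return findings


if __name__ == "__main__":
    for cve, version in audit_lock(SAMPLE_LOCK):
        print(f"{cve}: phpseclib/phpseclib {version} is in an affected range; "
              f"pin to ^2.0.47 or ^3.0.36")
```

Run it against a real lock file with `audit_lock(open("composer.lock").read())`; an empty result after bumping the constraint in `composer.json` and running `composer update phpseclib/phpseclib` confirms the fix the issue asks for. The clause and range split mirrors the advisory string format literally, so new entries from the same source can be dropped into `ADVISORIES` unchanged.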

bobvandevijver commented 8 months ago

Feel free to open a PR!