Open mend-bolt-for-github[bot] opened 8 months ago
PHP Secure Communications Library
Dependency Hierarchy: - laravel/passport-v7.3.0 (Root Library) - :x: **phpseclib/phpseclib-2.0.20** (Vulnerable Library)
Found in base branch: master
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.
Publish Date: 2021-04-06
URL: CVE-2021-30130
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: High - Availability Impact: None
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30130
Release Date: 2021-04-06
Fix Resolution: 2.0.31, 3.0.7
Step up your Open Source Security Game with Mend here
CVE-2021-30130 - High Severity Vulnerability
PHP Secure Communications Library
Dependency Hierarchy: - laravel/passport-v7.3.0 (Root Library) - :x: **phpseclib/phpseclib-2.0.20** (Vulnerable Library)
Found in base branch: master
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.
Publish Date: 2021-04-06
URL: CVE-2021-30130
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: High - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30130
Release Date: 2021-04-06
Fix Resolution: 2.0.31, 3.0.7
Step up your Open Source Security Game with Mend here