Closed terrafrost closed 1 year ago
Check out the description at https://github.com/advisories/GHSA-hm7p-r324-hhf3 :
Math/PrimeField.php in phpseclib through 2.0.41 has an infinite loop with composite primefields.
That file does not exist in 2.0.41 nor has it ever existed in any tag created off of the 2.0 branch:
https://github.com/phpseclib/phpseclib/tree/2.0.41/phpseclib/Math
https://github.com/phpseclib/phpseclib/tree/2.0/phpseclib/Math
That file, however, does exist in the 3.0 branch:
https://github.com/phpseclib/phpseclib/blob/3.0/phpseclib/Math/PrimeField.php
The recent 3.0.19 release fixed this:
https://github.com/phpseclib/phpseclib/releases/tag/3.0.19
This project only contains a composer.json from upstream reported advisories, generated every hour: you will need to contact the author of the upstream advisory instead, and get it adjusted.