search

loftwah / shop.grindmodecypher.com

This is the repository for shop.grindmodecypher.com. A website I have built, and maintain for the music group I am in called Grind Mode Cypher.
https://shop.grindmodecypher.com
GNU General Public License v3.0
2 stars 0 forks source link

CVE-2021-30130 (High) detected in phpseclib/phpseclib-2.0.10 - autoclosed #25

Closed mend-bolt-for-github[bot] closed 3 years ago

mend-bolt-for-github[bot] commented 3 years ago

CVE-2021-30130 - High Severity Vulnerability

Vulnerable Library - phpseclib/phpseclib-2.0.10

PHP Secure Communications Library

Dependency Hierarchy: - google/apiclient-v2.2.1 (Root Library) - :x: **phpseclib/phpseclib-2.0.10** (Vulnerable Library)

Found in HEAD commit: f76eb45f05fc57f4d5bec69ba3676f8e8599072d

Found in base branch: master

Vulnerability Details

phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.

Publish Date: 2021-04-06

URL: CVE-2021-30130

CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: High - Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30130

Release Date: 2021-04-06

Fix Resolution: 2.0.31, 3.0.7

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github[bot] commented 3 years ago

:information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #26

mend-bolt-for-github[bot] commented 3 years ago

:information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #26