Closed mend-bolt-for-github[bot] closed 3 years ago
:information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #26
:information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #26
CVE-2021-30130 - High Severity Vulnerability
Vulnerable Library - phpseclib/phpseclib-2.0.10
PHP Secure Communications Library
Dependency Hierarchy: - google/apiclient-v2.2.1 (Root Library) - :x: **phpseclib/phpseclib-2.0.10** (Vulnerable Library)
Found in HEAD commit: f76eb45f05fc57f4d5bec69ba3676f8e8599072d
Found in base branch: master
Vulnerability Details
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.
Publish Date: 2021-04-06
URL: CVE-2021-30130
CVSS 3 Score Details (7.5)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: High - Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30130
Release Date: 2021-04-06
Fix Resolution: 2.0.31, 3.0.7
Step up your Open Source Security Game with WhiteSource here