Open mend-bolt-for-github[bot] opened 5 years ago
A library for finding and using SSH public keys
path: /tmp/git/nthu-select-courses/node_modules/sshpk/package.json
Library home page: https://registry.npmjs.org/sshpk/-/sshpk-1.13.1.tgz
Versions of sshpk before 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys.
Publish Date: 2018-04-25
URL: WS-2018-0084
Base Score Metrics not available
Step up your Open Source Security Game with WhiteSource here
WS-2018-0084 - High Severity Vulnerability
Vulnerable Library - sshpk-1.13.1.tgz
A library for finding and using SSH public keys
path: /tmp/git/nthu-select-courses/node_modules/sshpk/package.json
Library home page: https://registry.npmjs.org/sshpk/-/sshpk-1.13.1.tgz
Dependency Hierarchy: - node-sass-4.7.2.tgz (Root Library) - request-2.79.0.tgz - http-signature-1.1.1.tgz - :x: **sshpk-1.13.1.tgz** (Vulnerable Library)Vulnerability Details
Versions of sshpk before 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys.
Publish Date: 2018-04-25
URL: WS-2018-0084
CVSS 2 Score Details (8.0)
Base Score Metrics not available
Step up your Open Source Security Game with WhiteSource here