[BUG] Update ssh library to fix CVE-2020-9283. - Githubissues

seknox / trasa

Zero Trust Service Access

https://www.trasa.io

Mozilla Public License 2.0

383 stars 70 forks source link

[BUG] Update ssh library to fix CVE-2020-9283. #237

Closed bhrg3se closed 3 years ago

bhrg3se commented 3 years ago

Describe the bug:

There is vulnerability in golang ssh library which can be exploited to cause server to panic

Scope of issue:

[ ] TRASA codebase
[ ] dashboard
[x] server
[ ] mobile app
[ ] browser extension
[ ] device agent
[ ] website/docs

Additional context:

The issue is fixed in https://pkg.go.dev/golang.org/x/crypto@v0.0.0-20201217014255-9d1352758620/ssh