Description
Versions of sshpk before 1.13.2 or 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys.
Recommendation
Update the sshpk package to the latest compatible version. Version details:
- Affected version(s): < 1.13.2
- Patched version(s): 1.13.2
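sshpk is often installed as a transitive dependency, so the copy that matters may not appear in package.json. The following is an added example, not code from this advisory or from the sshpk project: it walks a parsed npm lockfile and reports every sshpk copy in the affected range. The function names and the sample lockfile are constructed, and treating 1.14.0 as affected is an assumption based on the "before 1.13.2 or 1.14.1" wording in the description.

```javascript
// Added example. Version ranges are read from the advisory text above:
// fixed in 1.13.2 on the 1.13 line and in 1.14.1 on the 1.14 line (assumption).
function parse(v) {
  // Keep major.minor.patch as integers; pre-release/build suffixes are ignored.
  return v.split(/[-+]/)[0].split('.').map((n) => parseInt(n, 10) || 0);
}

function lt(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) {
    const d = (x[i] || 0) - (y[i] || 0);
    if (d !== 0) return d < 0; // numeric compare, so 1.9.x sorts before 1.13.x
  }
  return false;
}

function isAffected(version) {
  if (lt(version, '1.13.2')) return true;                  // everything before 1.13.2
  return !lt(version, '1.14.0') && lt(version, '1.14.1');  // 1.14.0 only
}

// Returns [{ path, version }] for every affected sshpk copy in a parsed lockfile.
function findAffectedSshpk(lock) {
  const hits = [];
  const check = (path, meta) => {
    if (meta && meta.version && isAffected(meta.version)) hits.push({ path, version: meta.version });
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/sshpk')) check(path, meta);
    }
  } else {
    // lockfileVersion 1: nested dependency tree
    (function walk(deps, prefix) {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = prefix + 'node_modules/' + name;
        if (name === 'sshpk') check(path, meta);
        walk(meta.dependencies, path + '/');
      }
    })(lock.dependencies, '');
  }
  return hits;
}

// Constructed sample lockfile (dep-a, dep-b and dep-c are made-up package names).
const sampleLock = { lockfileVersion: 2, packages: {
  '': { name: 'demo', version: '1.0.0' },
  'node_modules/sshpk': { version: '1.13.1' },
  'node_modules/dep-a/node_modules/sshpk': { version: '1.14.0' },
  'node_modules/dep-b/node_modules/sshpk': { version: '1.14.1' },
  'node_modules/dep-c/node_modules/sshpk': { version: '1.13.2' } } };
console.log(findAffectedSshpk(sampleLock));
```

To run it against a real project, pass the result of `JSON.parse` on the project's `package-lock.json` to `findAffectedSshpk`.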
Tags: npm, sshpk
Last updated on January 31, 2023