Description
Versions of sshpk before 1.13.2 or 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys.
Recommendation
Update the sshpk package to the latest compatible version. Version details:
- Affected version(s): < 1.13.2
- Patched version(s): 1.13.2
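To check whether a project resolves an affected release, the following added example (not part of the original advisory or of sshpk) scans an npm lockfile object for every installed copy of sshpk. It assumes the description's "before 1.13.2 or 1.14.1" means the 1.14 line was fixed in 1.14.1, so 1.14.0 is also flagged; the lockfile contents and package names `pkg-a` and `pkg-b` are constructed.

```javascript
// Parse "major.minor.patch" into numbers; returns null if the string is not a version.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Affected: < 1.13.2 (from the advisory), plus 1.14.0 (assumption, see lead-in).
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return true; // unparseable version: report it for manual review
  if (compare(v, [1, 13, 2]) < 0) return true;
  return compare(v, [1, 14, 0]) >= 0 && compare(v, [1, 14, 1]) < 0;
}

// Lockfile v2/v3 lists installs under "packages"; v1 nests them under "dependencies".
function findSshpk(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, info] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/sshpk')) hits.push({ path, version: info.version });
    }
  } else {
    const walk = (deps, trail) => {
      for (const [name, info] of Object.entries(deps || {})) {
        if (name === 'sshpk') hits.push({ path: trail.concat(name).join(' > '), version: info.version });
        walk(info.dependencies, trail.concat(name));
      }
    };
    walk(lock.dependencies, []);
  }
  return hits.map(h => ({ ...h, affected: isAffected(String(h.version)) }));
}

// Constructed sample lockfile with three copies of sshpk, including nested ones.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    'node_modules/sshpk': { version: '1.13.1' },
    'node_modules/pkg-a/node_modules/sshpk': { version: '1.14.1' },
    'node_modules/pkg-b/node_modules/sshpk': { version: '1.14.0' },
  },
};
console.log(findSshpk(sampleLock));
```

Nested copies matter because a transitive dependency can pin an older sshpk even when the top-level install is patched.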
Tags: npm, sshpk
Last updated on January 31, 2023