WS-2018-0084 High Severity Vulnerability detected by WhiteSource #10
Description
WS-2018-0084 - High Severity Vulnerability
Vulnerable Library - sshpk-1.10.1.tgz
A library for finding and using SSH public keys
path: /tmp/git/Hardware-con-Nodejs/node_modules/serialport/node_modules/node-pre-gyp/node_modules/request/node_modules/http-signature/node_modules/sshpk/package.json
Library home page: https://registry.npmjs.org/sshpk/-/sshpk-1.10.1.tgz
Dependency Hierarchy:
- serialport-4.0.7.tgz (Root Library)
- node-pre-gyp-0.6.32.tgz
- request-2.79.0.tgz
- http-signature-1.1.1.tgz
- ❌ sshpk-1.10.1.tgz (Vulnerable Library)
- http-signature-1.1.1.tgz
- request-2.79.0.tgz
- node-pre-gyp-0.6.32.tgz
Vulnerability Details
Versions of sshpk before 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys.
Publish Date: 2018-04-25
URL: WS-2018-0084
CVSS 2 Score Details (8.0)
Base Score Metrics not available
Step up your Open Source Security Game with WhiteSource here