You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
mend-bolt-for-githubbot
changed the title
CVE-2022-27191 (High) detected in golang.org/x/crypto-v0.0.0-20210921155107-089bfa567519
CVE-2022-27191 (High) detected in golang.org/x/crypto-v0.0.0-20210921155107-089bfa567519 - autoclosed
Jan 6, 2023
mend-bolt-for-githubbot
changed the title
CVE-2022-27191 (High) detected in golang.org/x/crypto-v0.0.0-20210921155107-089bfa567519 - autoclosed
CVE-2022-27191 (High) detected in golang.org/x/crypto-v0.0.0-20210921155107-089bfa567519
Dec 19, 2023
CVE-2022-27191 - High Severity Vulnerability
Vulnerable Library - golang.org/x/crypto-v0.0.0-20210921155107-089bfa567519
[mirror] Go supplementary cryptography libraries
Library home page: https://proxy.golang.org/golang.org/x/crypto/@v/v0.0.0-20210921155107-089bfa567519.zip
Path to dependency file: /go.mod
Path to vulnerable library: /go.mod
Dependency Hierarchy:
Found in HEAD commit: 296953fdf7b1766daf9ff2839a0e0a7b0d3f371e
Found in base branch: dev
Vulnerability Details
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
Publish Date: 2022-03-18
URL: CVE-2022-27191
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2022-27191
Release Date: 2022-03-18
Fix Resolution: golang-golang-x-crypto-dev - 1:0.0~git20220315.3147a52-1;golang-go.crypto-dev - 1:0.0~git20220315.3147a52-1
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: