WS-2018-0084 High Severity Vulnerability detected by WhiteSource #60

mend-bolt-for-github · 2019-02-22T01:14:19Z

WS-2018-0084 - High Severity Vulnerability

Vulnerable Library - sshpk-1.10.1.tgz

A library for finding and using SSH public keys

path: /tmp/git/jenkins-material-theme/node_modules/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/package.json

Dependency Hierarchy:

npm-3.10.10.tgz (Root Library)
- request-2.75.0.tgz
  - http-signature-1.1.1.tgz
    - ❌ sshpk-1.10.1.tgz (Vulnerable Library)

Vulnerability Details

Versions of sshpk before 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys.

Publish Date: 2018-04-25

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Feb 22, 2019