-
Notifications
You must be signed in to change notification settings - Fork 83
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2021-43565 (High) detected in golang.org/x/crypto-v0.0.0-20210921155107-089bfa567519 #607
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
label
Nov 25, 2022
mend-bolt-for-github
bot
changed the title
CVE-2021-43565 (High) detected in golang.org/x/crypto-v0.0.0-20210921155107-089bfa567519
CVE-2021-43565 (High) detected in golang.org/x/crypto-v0.0.0-20210921155107-089bfa567519 - autoclosed
Jan 6, 2023
✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory. |
ℹ️ This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory. |
mend-bolt-for-github
bot
changed the title
CVE-2021-43565 (High) detected in golang.org/x/crypto-v0.0.0-20210921155107-089bfa567519 - autoclosed
CVE-2021-43565 (High) detected in golang.org/x/crypto-v0.0.0-20210921155107-089bfa567519
Dec 19, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
0 participants
CVE-2021-43565 - High Severity Vulnerability
Vulnerable Library - golang.org/x/crypto-v0.0.0-20210921155107-089bfa567519
[mirror] Go supplementary cryptography libraries
Library home page: https://proxy.golang.org/golang.org/x/crypto/@v/v0.0.0-20210921155107-089bfa567519.zip
Path to dependency file: /go.mod
Path to vulnerable library: /go.mod
Dependency Hierarchy:
Found in HEAD commit: 296953fdf7b1766daf9ff2839a0e0a7b0d3f371e
Found in base branch: dev
Vulnerability Details
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.
Publish Date: 2022-09-06
URL: CVE-2021-43565
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-43565
Release Date: 2021-11-10
Fix Resolution: golang-golang-x-crypto-dev - 1:0.0~git20211202.5770296-1;golang-go.crypto-dev - 1:0.0~git20211202.5770296-1
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: