
bigslice's People

Contributors

awiss, cosnicolaou, dependabot[bot], dvrkps, grailbio-bot, jcharum, josh-newman, kaidisn, mariusae, mend-for-github-com[bot], psampaz

bigslice's Issues

WS-2022-0320 (High) detected in commonmarker-0.17.13.gem

WS-2022-0320 - High Severity Vulnerability

Vulnerable Library - commonmarker-0.17.13.gem

A fast, safe, extensible parser for CommonMark. This wraps the official libcmark library.

Library home page: https://rubygems.org/gems/commonmarker-0.17.13.gem

Dependency Hierarchy:

  • github-pages-207.gem (Root Library)
    • jekyll-commonmark-ghpages-0.1.6.gem
      • commonmarker-0.17.13.gem (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service

Publish Date: 2022-09-21

URL: WS-2022-0320

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-4qw4-jpp4-8gvp

Release Date: 2022-09-21

Fix Resolution: commonmarker - 0.23.6

CVE-2021-41098 (High) detected in nokogiri-1.11.1.gem

CVE-2021-41098 - High Severity Vulnerability

Vulnerable Library - nokogiri-1.11.1.gem

Nokogiri (鋸) makes it easy and painless to work with XML and HTML from Ruby. It provides a sensible, easy-to-understand API for reading, writing, modifying, and querying documents. It is fast and standards-compliant by relying on native parsers like libxml2 (C) and xerces (Java).

Library home page: https://rubygems.org/gems/nokogiri-1.11.1.gem

Dependency Hierarchy:

  • github-pages-207.gem (Root Library)
    • nokogiri-1.11.1.gem (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parse, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri v1.12.5 or later to receive a patch for this issue. There are no workarounds available for v1.12.4 or earlier. CRuby users are not affected.

Publish Date: 2021-09-27

URL: CVE-2021-41098

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41098

Release Date: 2021-09-27

Fix Resolution: nokogiri - 1.12.5

CVE-2021-28834 (High) detected in kramdown-2.3.0.gem

CVE-2021-28834 - High Severity Vulnerability

Vulnerable Library - kramdown-2.3.0.gem

kramdown is yet-another-markdown-parser but fast, pure Ruby, using a strict syntax definition and supporting several common extensions.

Library home page: https://rubygems.org/gems/kramdown-2.3.0.gem

Dependency Hierarchy:

  • github-pages-207.gem (Root Library)
    • kramdown-2.3.0.gem (Vulnerable Library)

Found in HEAD commit: 59118db932158f01a4746ad06a0deb03b2dd0a80

Found in base branch: master

Vulnerability Details

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.

Publish Date: 2021-03-19

URL: CVE-2021-28834

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Release Date: 2021-03-19

Fix Resolution: 2.3.1

CVE-2022-29181 (High) detected in nokogiri-1.11.1.gem

CVE-2022-29181 - High Severity Vulnerability

Vulnerable Library - nokogiri-1.11.1.gem

Nokogiri (鋸) makes it easy and painless to work with XML and HTML from Ruby. It provides a sensible, easy-to-understand API for reading, writing, modifying, and querying documents. It is fast and standards-compliant by relying on native parsers like libxml2 (C) and xerces (Java).

Library home page: https://rubygems.org/gems/nokogiri-1.11.1.gem

Dependency Hierarchy:

  • github-pages-207.gem (Root Library)
    • nokogiri-1.11.1.gem (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a String by calling #to_s or equivalent.

Publish Date: 2022-05-20

URL: CVE-2022-29181

CVSS 3 Score Details (8.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29181

Release Date: 2022-05-20

Fix Resolution: nokogiri - 1.13.6

CVE-2022-32149 (High) detected in golang.org/x/text/language-v0.3.5

CVE-2022-32149 - High Severity Vulnerability

Vulnerable Library - golang.org/x/text/language-v0.3.5

Package language implements BCP 47 language tags and related functionality.

Library home page: https://proxy.golang.org/golang.org/x/text/@v/v0.3.5.zip

Dependency Hierarchy:

  • github.com/grailbio/bigslice/archive/tarslice (Root Library)
    • github.com/grailbio/bigslice-v0.0.0-20210127211332-cc6ca3557677
      • github.com/grailbio/bigmachine/ec2system-v0.5.8
        • github.com/grailbio/bigmachine-v0.5.8
          • github.com/golang/net/http2-d523dce5a7f4b994f7ed0531dbe44cd8fd803e26
            • github.com/golang/net/http/httpguts-d523dce5a7f4b994f7ed0531dbe44cd8fd803e26
              • github.com/golang/net/idna-d523dce5a7f4b994f7ed0531dbe44cd8fd803e26
                • golang.org/x/text/secure/bidirule-v0.3.5
                  • golang.org/x/text/unicode/bidi-v0.3.5
                    • golang.org/x/text/unicode/rangetable-v0.3.5
                    • golang.org/x/text/language-v0.3.5 (Vulnerable Library)

Found in base branch: master

Vulnerability Details

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.

Publish Date: 2022-10-14

URL: CVE-2022-32149

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2022-32149

Release Date: 2022-10-14

Fix Resolution: v0.3.8

CVE-2022-31163 (High) detected in tzinfo-1.2.7.gem

CVE-2022-31163 - High Severity Vulnerability

Vulnerable Library - tzinfo-1.2.7.gem

TZInfo provides daylight savings aware transformations between times in different time zones.

Library home page: https://rubygems.org/gems/tzinfo-1.2.7.gem

Dependency Hierarchy:

  • github-pages-207.gem (Root Library)
    • jemoji-0.11.1.gem
      • html-pipeline-2.13.0.gem
        • activesupport-6.0.3.2.gem
          • tzinfo-1.2.7.gem (Vulnerable Library)

Found in HEAD commit: 59118db932158f01a4746ad06a0deb03b2dd0a80

Found in base branch: master

Vulnerability Details

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with require on demand. In the affected versions, TZInfo::Timezone.get fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, TZInfo::Timezone.get can be made to load unintended files with require, executing them within the Ruby process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a prefix of tzinfo/definition within a directory in the load path. Applications should ensure that untrusted files are not placed in a directory on the load path. As a workaround, the time zone identifier can be validated before passing to TZInfo::Timezone.get by ensuring it matches the regular expression \A[A-Za-z0-9+\-_]+(?:\/[A-Za-z0-9+\-_]+)*\z.

Publish Date: 2022-07-22

URL: CVE-2022-31163

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-5cm2-9h8c-rvfx

Release Date: 2022-07-22

Fix Resolution: tzinfo - 0.3.61,1.2.10

CVE-2022-27191 (High) detected in github.com/golang/crypto/ssh-0c34fe9e7dc2486962ef9867e3edb3503537209f

CVE-2022-27191 - High Severity Vulnerability

Vulnerable Library - github.com/golang/crypto/ssh-0c34fe9e7dc2486962ef9867e3edb3503537209f

[mirror] Go supplementary cryptography libraries

Dependency Hierarchy:

  • github.com/grailbio/bigslice/archive/tarslice (Root Library)
    • github.com/grailbio/bigslice-v0.0.0-20210127211332-cc6ca3557677
      • github.com/grailbio/bigmachine/ec2system-v0.5.8
        • github.com/grailbio/bigmachine-v0.5.8
          • github.com/golang/crypto/ssh-0c34fe9e7dc2486962ef9867e3edb3503537209f (Vulnerable Library)

Found in base branch: master

Vulnerability Details

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

Publish Date: 2022-03-18

URL: CVE-2022-27191

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2022-27191

Release Date: 2022-03-18

Fix Resolution: golang-golang-x-crypto-dev - 1:0.0~git20220315.3147a52-1;golang-go.crypto-dev - 1:0.0~git20220315.3147a52-1

CVE-2023-22796 (Medium) detected in activesupport-6.0.3.2.gem

CVE-2023-22796 - Medium Severity Vulnerability

Vulnerable Library - activesupport-6.0.3.2.gem

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing.

Library home page: https://rubygems.org/gems/activesupport-6.0.3.2.gem

Dependency Hierarchy:

  • github-pages-207.gem (Root Library)
    • jemoji-0.11.1.gem
      • html-pipeline-2.13.0.gem
        • activesupport-6.0.3.2.gem (Vulnerable Library)

Found in base branch: master

Vulnerability Details

There is a possible regular expression based DoS vulnerability in Active Support. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. The issue is patched in versions 6.1.7.1 and 7.0.4.1.

Publish Date: 2023-01-06

URL: CVE-2023-22796

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-j6gc-792m-qgm2

Release Date: 2023-01-06

Fix Resolution: activesupport - 6.1.7.1,7.0.4.1

CVE-2021-32740 (High) detected in addressable-2.7.0.gem

CVE-2021-32740 - High Severity Vulnerability

Vulnerable Library - addressable-2.7.0.gem

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. It is flexible, offers heuristic parsing, and additionally provides extensive support for IRIs and URI templates.

Library home page: https://rubygems.org/gems/addressable-2.7.0.gem

Path to dependency file: /docs/Gemfile.lock

Path to vulnerable library: /var/lib/gems/2.5.0/cache/addressable-2.7.0.gem

Dependency Hierarchy:

  • github-pages-207.gem (Root Library)
    • jekyll-sitemap-1.4.0.gem
      • jekyll-3.9.0.gem
        • addressable-2.7.0.gem (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking.

Publish Date: 2021-07-06

URL: CVE-2021-32740

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-jxhc-q857-3j6g

Release Date: 2021-07-06

Fix Resolution: addressable - 2.8.0

CVE-2021-38561 (High) detected in golang.org/x/text/language-v0.3.5

CVE-2021-38561 - High Severity Vulnerability

Vulnerable Library - golang.org/x/text/language-v0.3.5

Package language implements BCP 47 language tags and related functionality.

Library home page: https://proxy.golang.org/golang.org/x/text/@v/v0.3.5.zip

Dependency Hierarchy:

  • github.com/grailbio/bigslice/archive/tarslice (Root Library)
    • github.com/grailbio/bigslice-v0.0.0-20210127211332-cc6ca3557677
      • github.com/grailbio/bigmachine/ec2system-v0.5.8
        • github.com/grailbio/bigmachine-v0.5.8
          • github.com/golang/net/http2-d523dce5a7f4b994f7ed0531dbe44cd8fd803e26
            • github.com/golang/net/http/httpguts-d523dce5a7f4b994f7ed0531dbe44cd8fd803e26
              • github.com/golang/net/idna-d523dce5a7f4b994f7ed0531dbe44cd8fd803e26
                • golang.org/x/text/secure/bidirule-v0.3.5
                  • golang.org/x/text/unicode/bidi-v0.3.5
                    • golang.org/x/text/unicode/rangetable-v0.3.5
                    • golang.org/x/text/language-v0.3.5 (Vulnerable Library)

Found in base branch: master

Vulnerability Details

golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.

Publish Date: 2022-12-26

URL: CVE-2021-38561

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://osv.dev/vulnerability/GO-2021-0113

Release Date: 2021-08-12

Fix Resolution: v0.3.7

WS-2022-0334 (Medium) detected in nokogiri-1.11.1.gem - autoclosed

WS-2022-0334 - Medium Severity Vulnerability

Vulnerable Library - nokogiri-1.11.1.gem

Nokogiri (鋸) makes it easy and painless to work with XML and HTML from Ruby. It provides a sensible, easy-to-understand API for reading, writing, modifying, and querying documents. It is fast and standards-compliant by relying on native parsers like libxml2 (C) and xerces (Java).

Library home page: https://rubygems.org/gems/nokogiri-1.11.1.gem

Dependency Hierarchy:

  • github-pages-207.gem (Root Library)
    • nokogiri-1.11.1.gem (Vulnerable Library)

Found in base branch: master

Vulnerability Details

nokogiri up to and including 1.13.8 is affected by several vulnerabilities (CVE-2022-40303, CVE-2022-40304 and CVE-2022-2309) in the dependency bundled libxml2 library. Version 1.13.9 of nokogiri contains a patch where the dependency is upgraded with the patches as well.

Publish Date: 2022-10-18

URL: WS-2022-0334

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-2qc6-mcvw-92cw

Release Date: 2022-10-18

Fix Resolution: nokogiri - 1.13.9

CVE-2021-28965 (High) detected in rexml-3.2.4.gem

CVE-2021-28965 - High Severity Vulnerability

Vulnerable Library - rexml-3.2.4.gem

An XML toolkit for Ruby

Library home page: https://rubygems.org/gems/rexml-3.2.4.gem

Dependency Hierarchy:

  • github-pages-207.gem (Root Library)
    • jekyll-sitemap-1.4.0.gem
      • jekyll-3.9.0.gem
        • kramdown-2.3.0.gem
          • rexml-3.2.4.gem (Vulnerable Library)

Found in base branch: master

Vulnerability Details

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.

Publish Date: 2021-04-21

URL: CVE-2021-28965

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: GHSA-8cr8-4vfw-mr7h

Release Date: 2021-04-21

Fix Resolution: rexml - 3.1.9.1, 3.2.5

WS-2022-0093 (High) detected in commonmarker-0.17.13.gem

WS-2022-0093 - High Severity Vulnerability

Vulnerable Library - commonmarker-0.17.13.gem

A fast, safe, extensible parser for CommonMark. This wraps the official libcmark library.

Library home page: https://rubygems.org/gems/commonmarker-0.17.13.gem

Dependency Hierarchy:

  • github-pages-207.gem (Root Library)
    • jekyll-commonmark-ghpages-0.1.6.gem
      • commonmarker-0.17.13.gem (Vulnerable Library)

Found in base branch: master

Vulnerability Details

commonmarker versions prior to 0.23.4 are vulnerable to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution.

Publish Date: 2022-02-03

URL: WS-2022-0093

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-fmx4-26r3-wxpf

Release Date: 2022-02-03

Fix Resolution: commonmarker - 0.23.4

WS-2022-0089 (High) detected in nokogiri-1.11.1.gem

WS-2022-0089 - High Severity Vulnerability

Vulnerable Library - nokogiri-1.11.1.gem

Nokogiri (鋸) makes it easy and painless to work with XML and HTML from Ruby. It provides a sensible, easy-to-understand API for reading, writing, modifying, and querying documents. It is fast and standards-compliant by relying on native parsers like libxml2 (C) and xerces (Java).

Library home page: https://rubygems.org/gems/nokogiri-1.11.1.gem

Dependency Hierarchy:

  • github-pages-207.gem (Root Library)
    • nokogiri-1.11.1.gem (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Nokogiri before version 1.13.2 is vulnerable.

Publish Date: 2022-03-01

URL: WS-2022-0089

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-fq42-c5rg-92c2

Release Date: 2022-03-01

Fix Resolution: nokogiri - v1.13.2

CVE-2022-24836 (High) detected in nokogiri-1.11.1.gem

CVE-2022-24836 - High Severity Vulnerability

Vulnerable Library - nokogiri-1.11.1.gem

Nokogiri (鋸) makes it easy and painless to work with XML and HTML from Ruby. It provides a sensible, easy-to-understand API for reading, writing, modifying, and querying documents. It is fast and standards-compliant by relying on native parsers like libxml2 (C) and xerces (Java).

Library home page: https://rubygems.org/gems/nokogiri-1.11.1.gem

Dependency Hierarchy:

  • github-pages-207.gem (Root Library)
    • nokogiri-1.11.1.gem (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri < v1.13.4 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri >= 1.13.4. There are no known workarounds for this issue.

Publish Date: 2022-04-11

URL: CVE-2022-24836

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-crjr-9rc5-ghw8

Release Date: 2022-04-11

Fix Resolution: nokogiri - 1.13.4

CVE-2021-43565 (High) detected in github.com/golang/crypto/ssh-0c34fe9e7dc2486962ef9867e3edb3503537209f

CVE-2021-43565 - High Severity Vulnerability

Vulnerable Library - github.com/golang/crypto/ssh-0c34fe9e7dc2486962ef9867e3edb3503537209f

[mirror] Go supplementary cryptography libraries

Dependency Hierarchy:

  • github.com/grailbio/bigslice/archive/tarslice (Root Library)
    • github.com/grailbio/bigslice-v0.0.0-20210127211332-cc6ca3557677
      • github.com/grailbio/bigmachine/ec2system-v0.5.8
        • github.com/grailbio/bigmachine-v0.5.8
          • github.com/golang/crypto/ssh-0c34fe9e7dc2486962ef9867e3edb3503537209f (Vulnerable Library)

Found in base branch: master

Vulnerability Details

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.

Publish Date: 2022-09-06

URL: CVE-2021-43565

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-43565

Release Date: 2021-11-10

Fix Resolution: golang-golang-x-crypto-dev - 1:0.0~git20211202.5770296-1;golang-go.crypto-dev - 1:0.0~git20211202.5770296-1
