Incorrect Regular Expression in org.webjars.npm:sshpk

CVE-2018-3737

org.webjars.npm:sshpk
sshpk

High

7.5/10

Summary

sshpk is vulnerable to ReDoS when parsing crafted invalid public keys.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-185 - Incorrect Regular Expression

The software specifies a regular expression in a way that causes data to be improperly matched or compared.

References

Advisory Timeline

Published Jun 07, 2018