iris icon indicating copy to clipboard operation
iris copied to clipboard

Published 20 hours ago verified publisher icon kataras

CVE-2020-29652

Open frankyhun opened this issue 3 years ago • 1 comments

Used versions of golang.org/x/crypto in v12.1.8, v12.2.0-alpha and v12.2.0-alpha2 are vulnerable to CVE-2020-29652.

Short description: Nil Pointer Dereference in golang.org/x/crypto Solution: Upgrade to version v0.0.0-20201216223049-8b5274cf687f or above. Description: A nil pointer dereference in the golang.org/x/crypto/ssh component enables remote attackers to cause a DoS against SSH servers.

CVE-2020-29652 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652

frankyhun avatar Jun 22 '21 09:06 frankyhun

So it's not fixed yet? I think Iris has been at a standstill for months...

bigBron avatar Jun 24 '21 06:06 bigBron