CX: CVE-2018-3737 in Unknown-sshpk and 1.10.1 @ nodegoat_cxflow.master

Description

sshpk is vulnerable to ReDoS when parsing crafted invalid public keys.

HIGH Vulnerable Package issue exists @ sshpk in branch master

Vulnerability ID: CVE-2018-3737

Package Name: sshpk

Severity: HIGH

CVSS Score: 7.5

Publish Date: 2018-06-07T02:29:00

Current Package Version: 1.10.1

Remediation Upgrade Recommendation: 1.13.2

Link To SCA

Reference – NVD link