npm

Severity: high

Regular Expression Denial of Service

sshpk

Overview

Versions of sshpk before 1.13.2 or 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys.

Remediation

Update to version 1.13.2, 1.14.1 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Apr 25th, 2018
  2. reported

    Initial report by Сковорода Никита Андреевич
    Apr 24th, 2018