Go Ssh Library vulnerabilities

1 known vulnerability affecting go/ssh_library.

Total CVEs
1
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1

Vulnerabilities

Page 1 of 1
CVE-2017-3204HIGHCVSS 8.1vprior to commit e4e27992017-04-04
CVE-2017-3204 [HIGH] CWE-310 CVE-2017-3204: The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-midd The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.
cvelistv5nvd