Medium severity4.3NVD Advisory· Published Jan 16, 2025· Updated Apr 15, 2026

CVE-2024-48460

Description

An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
tabby-sshnpm	< 1.0.214	1.0.214

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-8vq4-8hfp-29xhghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-48460ghsaADVISORY
github.com/Eugeny/tabby/commit/1c077147acd0a6ec9f8ee80d83a3e9688fbb9444ghsaWEB
github.com/Eugeny/tabby/issues/9955nvdWEB

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000