Maven package
org.apache.sshd/sshd-common
pkg:maven/org.apache.sshd/sshd-common
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-41909 | — | < 2.12.0 | 2.12.0 | Aug 12, 2024 | Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequ | ||
| CVE-2023-35887 | — | >= 2.1.0, < 2.9.3 | 2.9.3 | Jul 10, 2023 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about item | ||
| CVE-2022-45047 | Cri | 9.8 | < 2.9.2 | 2.9.2 | Nov 16, 2022 | Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for load |
- CVE-2024-41909Aug 12, 2024affected < 2.12.0fixed 2.12.0
Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequ
- CVE-2023-35887Jul 10, 2023affected >= 2.1.0, < 2.9.3fixed 2.9.3
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about item
- affected < 2.9.2fixed 2.9.2
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for load