github.com/jpillora/chisel
Go2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/jpillora/chiselpage 1 of 1
- CVE-2024-43798HIGHCVSS 8.6EG 8.6✓ Fixed in 1.10.02024-08-26
Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented `AUTH` environment variable used to set credentials, which allows any unauthenticated user to connect, even if cred…
- CVE-2026-48113HIGHCVSS 0.0EG 0.0✓ Fixed in 1.11.52026-06-12
Chisel has an ACL Bypass via Post-Handshake SSH Channel ExtraData Injection ### Summary Authenticated chisel clients can bypass `--authfile` ACL restrictions and tunnel traffic to arbitrary destinations reachable from the server. The ACL…
Check whether github.com/jpillora/chisel is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/jpillora/chisel CVEs against the assets you own.
Start Free Scan →