github.com/schollz/croc/v8
Go
6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/schollz/croc/v8
- CVE-2023-43616 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-09-20
An issue was discovered in Croc through 9.6.5. A sender can cause a receiver to overwrite files during ZIP extraction.
- CVE-2023-43617 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-09-20
An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name.
- CVE-2023-43618 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-09-20
An issue was discovered in Croc through 9.6.5. The protocol requires a sender to provide its local IP addresses in cleartext via an ips? message.
- CVE-2023-43619 | HIGH | CVSS 7.8 | EG 7.8 | 2023-09-20
An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file.
- CVE-2023-43620 | HIGH | CVSS 7.8 | EG 7.8 | 2023-09-20
An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver.
- CVE-2023-43621 | MEDIUM | CVSS 4.7 | EG 4.7 | 2023-09-20
An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments.