blob: 33abc6b83a1122d7ce5bebc5a50672466704e2a1 [file] [log] [blame]
module = "golang.org/x/crypto"
package = "golang.org/x/crypto/ssh"
description = """
By default host key verification is disabled which allows for
man-in-the-middle attacks against SSH clients if
[`ClientConfig.HostKeyCallback`] is not set.
"""
cve = "CVE-2017-3204"
credit = "Phil Pennock"
symbols = ["NewClientConn"]
published = "2021-04-14T12:00:00Z"
[[versions]]
fixed = "v0.0.0-20170330155735-e4e2799dd7aa"
[links]
pr = "https://go-review.googlesource.com/38701"
commit = "https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991"
context = [
"https://github.com/golang/go/issues/19767",
"https://bridge.grumpy-troll.org/2017/04/golang-ssh-security/"
]