Vulnerability Report: GO-2023-2097

CVE-2023-43809, GHSA-mc97-99j4-vm2v
Affects: github.com/charmbracelet/soft-serve
Published: Aug 21, 2024
Unreviewed

Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled in github.com/charmbracelet/soft-serve

For detailed information about this vulnerability, visit https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-mc97-99j4-vm2v or https://nvd.nist.gov/vuln/detail/CVE-2023-43809.

Affected Modules

Path

Go Versions
github.com/charmbracelet/soft-serve

before v0.6.2

Aliases

CVE-2023-43809
GHSA-mc97-99j4-vm2v

References

https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-mc97-99j4-vm2v
https://nvd.nist.gov/vuln/detail/CVE-2023-43809
https://github.com/charmbracelet/soft-serve/commit/407c4ec72d1006cee1ff8c1775e5bcc091c2bc89
https://github.com/charmbracelet/soft-serve/issues/389
https://github.com/charmbracelet/soft-serve/releases/tag/v0.6.2
https://vuln.go.dev/ID/GO-2023-2097.json

Feedback

This report is unreviewed. It was automatically generated from a third-party source and its details have not been verified by the Go team.

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL