This CVE states that it's possible to cause an OutOfMemoryError if you parse a specially-crafted certificate. So it's not even a real security vulnerability, just a possible denial-of-service, and that would only be possible if you're connecting to untrusted TeamSpeak servers using SSH, which you're probably not doing anyway.
I think it's okay to ignore these 2 CVEs for now. I do want to update sshj to a newer version and release a new version of the TS3 API some time soon, but it looks like the current version of sshj, 0.38.0, still uses a version of bouncycastle that has some CVEs in it. Thus, I think it's better if we wait for 0.39.0 to be released, which should ship with clean bouncycastle dependencies 😄
(And yes, I do know that I could just version-manage the bouncycastle dependencies, but I really don't want to bother if there's no real reason for it)
any fixes?