Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
/n software IPWorks SSH insufficient file access verification
Vulnerability Description
The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path requests when loading a SSH public key or certificate. To be exploitable, an application calling the SFTPServer component must grant user access without verifying the SSH public key or certificate (which would most likely be a separate vulnerability in the calling application). IPWorks SSH versions 22.0.8945 and 24.0.8945 were released to address this condition by blocking all filesystem and network path requests for SSH public keys or certificates.
CVSS Information
N/A
Vulnerability Type
CWE-1390
Vulnerability Title
IPWorks SSH 安全漏洞
Vulnerability Description
IPWorks SSH是nsoftware 的一个集成了SSH(Secure Shell)安全功能的库,它允许开发者轻松地将SSH安全集成到互联网应用程序中。 IPWorks SSH存在安全漏洞,该漏洞源于在加载SSH公钥或证书时可能会被诱导发出非预期的文件系统或网络路径请求。
CVSS Information
N/A
Vulnerability Type
N/A