Man-in-the-middle attack in golang.org/x/crypto/ssh

Overview

Source
ID: GO-2020-0013
Aliases: CVE-2017-3204, GHSA-xhjq-w7xm-p8qj
Affected package

Description

By default, host key verification is disabled, which allows man-in-the-middle attacks against SSH clients if ClientConfig.HostKeyCallback is not set.

Summary

Total packages affected: 98
Packages with at least one version that is affected by the advisory or has an affected dependency.
Packages with a known fix: 30
Packages with versions affected by the advisory that have a greater version that is not affected.
Total ecosystem affected: <0.01%
The proportion of packages in the ecosystem that are affected by the advisory (fixed or not).
Affected Version: Introduced: 0, Fixed: 0.0.0-20170330155735-e4e2799dd7aa
Patched/Unaffected
v0.1.0
v0.2.0
v0.3.0
v0.4.0
v0.5.0
v0.6.0
v0.7.0
v0.8.0
v0.9.0
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.23.0
v0.24.0
v0.25.0
v0.26.0
v0.27.0
v0.28.0
v0.29.0
v0.30.0
v0.31.0
v0.32.0
v0.33.0
v0.34.0
v0.35.0
v0.36.0
Affected