Comments (9)
Hi @BernhardGruen,
Yes it is. We should be able to add support for the new "strict key exchange" OpenSSH added soon to help mitigate.
Thanks,
Jeremy
from jsch.
CVE-2023-48795 is fixed in version 0.2.15 or higher.
from jsch.
Hi @mohanchavata12,
That is a link to the original version of JSch that has been abandoned by the original developer.
The link for this fork of JSch is: https://mvnrepository.com/artifact/com.github.mwiede/jsch.
Thanks,
Jeremy
from jsch.
Hey @norrisjeremy
Wow, what a fast response - incredible.
Thank you so much for your answer. It seems the corresponding CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795 does not yet mention jsch. Maybe you can add jsch to it after the fix is ready.
from jsch.
Snyk also doesn't recognize 0.2.15 as having fixed this: https://security.snyk.io/vuln/SNYK-JAVA-COMGITHUBMWIEDE-6130900
from jsch.
> Snyk also doesn't recognize 0.2.15 as having fixed this: https://security.snyk.io/vuln/SNYK-JAVA-COMGITHUBMWIEDE-6130900

Snyk does not know 0.2.15, latest version in list is 0.2.14
from jsch.
Which versions of jsch are vulnerable? There is no indication of the Terrapin CVE on the component versions here:
https://mvnrepository.com/artifact/com.jcraft/jsch
from jsch.
Thank you, Jeremy, for your quick response. As per the NVD, jsch before 0.2.15 is vulnerable to Terrapin. There is no clear sign of CVE-2023-48795 here: https://mvnrepository.com/artifact/com.github.mwiede/jsch, or in Snyk either.
from jsch.
Hi @mohanchavata12,
We have no authority over how https://mvnrepository.com/ is operated.
If this is especially important to you, I would recommend that you attempt to directly contact them.
Thanks,
Jeremy
from jsch.