Release 2.0.0 #35
GitHub Actions / node-red:3.1.x-main-linux-arm64 scan results
succeeded
Jan 18, 2024 in 0s
3 fail in 0s
Annotations
Check warning on line 0 in libcrypto3-3.1.4-r3
github-actions / node-red:3.1.x-main-linux-arm64 scan results
[MEDIUM] CVE-2023-6237 (libcrypto3-3.1.4-r3) failed
trivy-junit-results.xml
Raw output
openssl: Excessive time spent checking invalid RSA public keys
A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.
Check warning on line 0 in libssl3-3.1.4-r3
github-actions / node-red:3.1.x-main-linux-arm64 scan results
[MEDIUM] CVE-2023-6237 (libssl3-3.1.4-r3) failed
trivy-junit-results.xml
Raw output
openssl: Excessive time spent checking invalid RSA public keys
A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.
Check warning on line 0 in openssl-3.1.4-r3
github-actions / node-red:3.1.x-main-linux-arm64 scan results
[MEDIUM] CVE-2023-6237 (openssl-3.1.4-r3) failed
trivy-junit-results.xml
Raw output
openssl: Excessive time spent checking invalid RSA public keys
A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.
Loading