org.apache.sshd:sshd-core

Maven3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.apache.sshd:sshd-corepage 1 of 1

CVE-2021-30129MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2.7.0
2021-07-12
vulnerable: 2.0.0 ... 2.6.0 (8 versions)
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was …
CVE-2022-45047CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.9.2
2022-11-16
vulnerable: 0.1.0 ... 2.9.1 (36 versions)
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor u…
CVE-2023-35887MEDIUMCVSS 5.0EG 5.0✓ Fixed in 2.1.0
2023-07-10
vulnerable: 1.0.0 ... 2.0.0 (9 versions)
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exis…

Check whether org.apache.sshd:sshd-core is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.sshd:sshd-core CVEs against the assets you own.

Start Free Scan →