CVE-2022-45047
maven/org.apache.sshd/sshd
Deserialization of Untrusted Data
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.
All versions up to 2.9.1
Upgrade to version 2.9.2 or above.
2022-11-21
source |