CVE-2021-42583: Use of a Broken or Risky Cryptographic Algorithm in Max Mazurov Maddy

January 6, 2022

A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unnecessary risk that may result in the exposure of sensitive information.

References

github.com/advisories/GHSA-5r5w-h76p-m726
github.com/foxcpp/maddy/blob/df40dce1284cd0fd0a9e8e7894029553d653d0a5/internal/auth/shadow/verify.go
github.com/foxcpp/maddy/releases/tag/v0.5.2
nvd.nist.gov/vuln/detail/CVE-2021-42583

Detect and mitigate CVE-2021-42583 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →