github.com/schollz/croc/v6 (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/schollz/croc/v6, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2023-43619 — CVSS 7.8 (high): An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a…
CVE-2023-43620 — CVSS 7.8 (high): An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device…
CVE-2023-43616 — CVSS 5.5 (medium): An issue was discovered in Croc through 9.6.5. A sender can cause a receiver to overwrite files during ZIP extraction.
CVE-2023-43617 — CVSS 5.3 (medium): An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this…
CVE-2023-43618 — CVSS 5.3 (medium): An issue was discovered in Croc through 9.6.5. The protocol requires a sender to provide its local IP addresses in cleartext via an ips?…
CVE-2023-43621 — CVSS 4.7 (medium): An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all…