0.002 Low
EPSS
Percentile
54.1%
sshpk is vulnerable to Regular expression Denial of Service (ReDoS). Due to weak regular expression choice used for public key, attackers are able to pass a malicious public key string , leading to a huge performance slow down .
github.com/joyent/node-sshpk/commit/fbff19eef8ea99815df73b1a2e20d7ebba9f496e
github.com/joyent/node-sshpk/issues/44
hackerone.com/reports/319593