Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at

gem: chloride
date: 2019-03-08
cve: 2018-6517
title: Improper handling of ssh known_hosts file with Chloride
description: |
  Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints
  for previously unknown hosts getting added to the user's known_hosts file without
  confirmation. In version 0.3.0 this is updated so that the user's known_hosts file
  is not updated by chloride.
cvss_v3: '5.0'
patched_versions:
- ">= 0.3.0"