October has come and gone, and It’s time to clear away the ooky spooky Halloween cobwebs and take a look at the new open source security vulnerabilities that plagued us this past month. As usual, our hard-working research team has been sorting through the WhiteSource database to bring you October’s top 5 new open source security vulnerabilities.
Not many people realize that only 86% of reported open source security vulnerabilities are included in the CVE database. That’s why the WhiteSource database continuously aggregates information from a wide variety of sources like the National Vulnerability Database (NVD), as well as other publicly available, peer-reviewed security advisories and issue trackers.
October’s list includes a variety of popular open source projects that reflect the best of what the open source community has to offer. From Requests, the HTTP library for Python to the OG Git project, and a C SSH authentication library that grabbed some headlines as well as quite a few tweets. Whether these vulnerabilities were featured in the news and social media, or not — they reside in some of the most popular open source projects that many of us are using.
Want to find out which new open source security vulnerabilities made the list? Here’s what you need to know about the top vulnerabilities to hit in October. You can speed up your search by using the WhiteSource Vulnerability Checker to see if they are in one of your projects.
Vulnerability Score: High — 9.1 critical
Affected versions: versions 0.6 and above
An authentication bypass vulnerability was discovered in libssh’s server code in versions 0.6 and above. This highly critical issue can enable a client to bypass the authentication process, gain access to a local server (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Ayala Goldstein. Read the original post at: https://resources.whitesourcesoftware.com/blog-whitesource/top-5-new-open-source-security-vulnerabilities-in-october-2018