Vulnerability in Tg123 Sshpiper
CVE-2024-35175
sshpiper is a reverse proxy for sshd. Starting in version 1.0.50 and prior to version 1.3.0, the way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. Commit 2ddd69876a1e1119059…
EPSS: 0.003 (17.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.
Affected products
- Tg123 Sshpiper — versions >= 1.0.50, < 1.3.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
Frequently asked questions
- What is CVE-2024-35175?
- CVE-2024-35175 is a medium-severity vulnerability in Tg123 Sshpiper, classified under Insufficient Verification of Data Authenticity. CVSS score: 5.3/10. Published 2024-05-14.
- How severe is CVE-2024-35175?
- Medium severity. CVSS v3 base score is 5.3 out of 10.