/
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-58mh-28mm-p6rc

Published

Last updated

https://images.chainguard.dev/security/CGA-58mh-28mm-p6rc
Package

hadoop-fips-3.3.6

Repository

Chainguard

Latest Update
Fix not planned
Aliases
  • CVE-2022-45047
  • GHSA-fhw8-8j55-vwgq

Severity

Unknown

Summary

Unsafe deserialization in Apache MINA SSHD

Description

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.

Until version 2.1.0, the code affected by this vulnerability appeared in org.apache.sshd:sshd-core. Version 2.1.0 contains a commit where the code was moved to the package org.apache.sshd:sshd-common, which did not exist until version 2.1.0.

References

Updates

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsPricingContact UsOpen SourceCareersNewsroomLegal

Resources

Unchained BlogEventsTrust CenterDocumentation