The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path requests when loading a SSH public key or certificate. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
Ipworks Ssh
NVD
CVSS 4.0
2.3
EPSS
0.1%
Undici is an HTTP/1.1 client, written from scratch for Node.js. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable. No vendor patch available.
Node.js
Information Disclosure
NVD
GitHub
CVSS 3.1
2.0
EPSS
0.5%