CVE-2018-6517
CVE-2018-6517 concerns chloride’s use of net-ssh, where host fingerprints for unknown hosts were added to the user’s known_hosts file without confirmation prior to version 0.3.0. The disclosed change in version 0.3.0 prevents chloride from updating the known_hosts file, mitigating the issue. The ...