Path to this page:
Subject: CVS commit: pkgsrc/security/nuclei
From: Benny Siegert
Date: 2023-12-23 21:14:46
Message id: 20231223201446.7AAB7FA42@cvs.NetBSD.org
Log Message:
nuclei: update to 3.1.3 (security)
This fixes the following vulnerability:
Vulnerability #1: GO-2023-2402
Man-in-the-middle attacker can compromise integrity of secure channel in
golang.org/x/crypto
More info: https://pkg.go.dev/vuln/GO-2023-2402
Module: golang.org/x/crypto
Found in: golang.org/x/crypto@v0.14.0
Fixed in: golang.org/x/crypto@v0.17.0
v3.1.3
- Added email support to SMTP client in javascript protocol
- Added Interface in Networkconfig (SDK)
v3.1.2
Fixed bug with network protocol: revert full buffer size read
v3.1.1
- Added support for arbitrary string input for TLS SNI annotation
- Fixed panic + refactor headless waitevent action
- Fixed wait time + added timeout for ssh connection
- Fixed issue with headless result upload
v3.1.0
- Added support to upload / view results into PDCP Dashboard
- Added support to exclude target from scan input list
- Added support for multiple ports in network template
- Added port, scheme and url field in json(l) output
- Added support to execute commands via ssh client in javascript protocol
- Added support to set dialer timeout
- Added connection reset by peer to include error used for host exclusion
- Added support to include failed matches for errored hosts with -ms option
Files: