The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade mellium.im/sasl
to version 0.3.1 or higher.
mellium.im/sasl is a Go library implementing the Simple Authentication and Security Layer (SASL) as defined by RFC 4422.
Affected versions of this package are vulnerable to Missing Critical Step in Authentication if the remote side of a SCRAM-based connection advertises support for channel binding, since an empty nonce is used. If paired with a remote end that does not validate the length of the nonce, this could lead to insufficient randomness being used during authentication.