This package has limited bug data (1 entry). Check back later or see the package health page for the full signal.
github.com/sagernet/sing-box known bugs
go1 known bug in github.com/sagernet/sing-box, with affected versions, fixes and workarounds. Sourced from upstream issue trackers.
1
bugs
Known bugs
| Severity | Affected | Fixed in | Title | Status | Source |
|---|---|---|---|---|---|
| critical | any | 1.4.5 | sing-box vulnerable to improper authentication in the SOCKS inbound ### Impact
This vulnerability allows specially crafted requests to bypass authentication, affecting all SOCKS inbounds with user authentication.
### Patches
Update to sing-box 1.4.5 or 1.5.0-rc.5 and later versions.
### Workarounds
Don't expose the SOCKS5 inbound to insecure environments.
| fixed | osv:GHSA-r5hm-mp3j-285g |
API access
Get this data programmatically \u2014 free, no authentication.
curl https://depscope.dev/api/bugs/go/github.com/sagernet/sing-box