PT-2022-28082 · Dropbox · Dropbox

Published: 2022-12-27 · Updated: 2024-05-17 · CVE-2022-4768

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Dropbox merou (affected versions not specified)

Description: A critical issue was found in the SSH Public Key Handler component, specifically in the add_public_key function of the file grouper/public_key.py. Manipulation of the public_key_str argument leads to injection. The issue can be exploited remotely.

Recommendations: To fix this issue, apply the patch d93087973afa26bc0a2d0a5eb5c0fde748bdd107. As a temporary workaround, consider disabling the add_public_key function until the patch is applied. Restrict access to the SSH Public Key Handler component to minimize the risk of exploitation. Avoid using the public_key_str argument in the affected function until the issue is resolved.

Fix

Special Elements Injection

Weakness Enumeration

Related Identifiers: CVE-2022-4768

Affected Products: Dropbox