Is github.com/schollz/croc safe to use?

github.com/schollz/croc has 7 known vulnerabilities on the latest version (v2.2.0+incompatible). DepScope rates its health at 50/100 (high risk).

What is the latest version of github.com/schollz/croc?

The latest version of github.com/schollz/croc is v2.2.0+incompatible, released 2018-06-27.

Does github.com/schollz/croc have known vulnerabilities?

Yes. github.com/schollz/croc has 7 known vulnerabilities. See depscope.dev/pkg/go/github.com/schollz/croc for details.

Is github.com/schollz/croc deprecated?

No, github.com/schollz/croc is actively maintained. Latest release: v2.2.0+incompatible (2018-06-27).

What are alternatives to github.com/schollz/croc?

DepScope has no curated alternatives for github.com/schollz/croc at this time.

What license does github.com/schollz/croc use?

github.com/schollz/croc is licensed under MIT.

github.com/schollz/croc

govv2.2.0+incompatible

Easily and securely send things from one computer to another :crocodile: :package:

License MITpermissive21 versions135 maintainers0 deps34,901 weekly dl

schollz/croc

/ 100

Health

use with caution

github.com/schollz/[email protected]+incompatible low health (50/100) — consider alternatives

Update to >= 9.6.16 to fix known vulnerabilities

Moderate health score (50/100) — verify manually

Health breakdown0 – 100

0/25

maintenance

10/20

popularity

23/25

security

12/15

maturity

5/15

community

Vulnerabilities

1 medium6 low

Advisories (7)

Severity	ID	Summary	Fixed in
medium	CVE-2023-43616	Sender can cause a receiver to overwrite files during ZIP extraction in Croc	9.6.16
unknown	CVE-2023-43620	Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device in github.com/schollz/croc	9.6.16
unknown	CVE-2023-43621	Croc may expose secret to local users in github.com/schollz/croc	9.6.16
unknown	CVE-2023-43618	Croc requires senders to provide local IP addresses in cleartext in github.com/schollz/croc	9.6.16
unknown	CVE-2023-43616	Sender can cause a receiver to overwrite files during ZIP extraction in Croc in github.com/schollz/croc	9.6.16
unknown	CVE-2023-43617	Cros secrets may be disclosed to untrusted relay in github.com/schollz/croc	9.6.16
unknown	CVE-2023-43619	Croc sender may send dangerous new files to receiver in github.com/schollz/croc	9.6.16

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/go/github.com/schollz/croc

Last updated · 2018-06-27T14:00:34Z

Severity

Summary

Fixed in

medium

CVE-2023-43616

Sender can cause a receiver to overwrite files during ZIP extraction in Croc

9.6.16

unknown

CVE-2023-43620

Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device in github.com/schollz/croc

9.6.16

unknown

CVE-2023-43621

Croc may expose secret to local users in github.com/schollz/croc

9.6.16

unknown

CVE-2023-43618

Croc requires senders to provide local IP addresses in cleartext in github.com/schollz/croc

9.6.16

unknown

CVE-2023-43616

Sender can cause a receiver to overwrite files during ZIP extraction in Croc in github.com/schollz/croc

9.6.16

unknown

CVE-2023-43617

Cros secrets may be disclosed to untrusted relay in github.com/schollz/croc

9.6.16

unknown

CVE-2023-43619

Croc sender may send dangerous new files to receiver in github.com/schollz/croc

9.6.16