We currently support only the latest released version of WebSSH2 with security updates.
| Version | Supported |
|---|---|
| 3.1.x | ✅ |
| < 3.1.0 | ❌ |
We strongly recommend always using the latest release to ensure you have the most recent security patches and improvements.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report security vulnerabilities by:
GitHub Security Advisories: Use the Security Advisories feature to privately report vulnerabilities
Please include as much of the following information as possible:
- Type of vulnerability (e.g., authentication bypass, injection, etc.)
- Step-by-step instructions to reproduce the issue
- Affected version(s)
- Potential impact of the vulnerability
- Suggested fix (if available)
- Initial Response: You can expect an initial response within 72 hours acknowledging receipt of your report
- Status Updates: We will keep you informed of our progress as we investigate and address the issue
- Timeline: We aim to release a security patch within 30 days for confirmed vulnerabilities, depending on complexity
- Credit: If you wish, we will credit you in the security advisory and release notes (unless you prefer to remain anonymous)
When deploying WebSSH2:
- Always use HTTPS/TLS in production environments
- Implement proper authentication mechanisms
- Follow the principle of least privilege for SSH access
- Keep Node.js and all dependencies up to date
- Review and follow security guidance in our documentation
- Use environment variables for sensitive configuration (see ENV_VARIABLES.md)
- Private Disclosure: We request that you give us reasonable time to address the issue before public disclosure
- Coordinated Disclosure: We will coordinate with you on the disclosure timeline
- Public Advisory: Once a fix is released, we will publish a security advisory detailing the vulnerability, the fix, and assigning credit.
Thank you for helping keep WebSSH2 and its users secure!
As of 2026-01-27, we evaluated the following vulnerabilities affecting our client dependencies:
| Aspect | Status |
|---|---|
| Affected versions | seroval < 1.4.1 |
| Our version | seroval@1.5.0 (transitive via solid-js) |
| Status | Not vulnerable - already on patched version |
This vulnerability affects the fromJSON and fromCrossJSON functions in client-to-server transmission scenarios, requiring Solid Start server functions to exploit.
Why we are not affected:
- webssh2_client is a plain Solid.js SPA, not a Solid Start application
- No
"use server"directives or server functions are used - All client-server communication uses Socket.IO's native JSON serialization
- seroval is only a transitive dependency and is not directly imported or used
| Aspect | Status |
|---|---|
| Vulnerability type | Cross-site Scripting (XSS) |
| Status | Not vulnerable - safe coding patterns used |
Why we are not affected:
- No
innerHTMLordangerouslySetInnerHTMLusage in the codebase - All JSX uses Solid.js safe text binding
- Terminal output is rendered through xterm.js which safely handles escape sequences
As of 2026-01-27, automated checks for Shai-hulud 2.0 indicators of compromise (IoCs) found no evidence of compromise in this repository.
The scanner performed the following checks:
- Searched for risky npm lifecycle scripts (preinstall, postinstall)
- Checked for known Shai-hulud 2.0 payload files (setup_bun.js, bun_environment.js)
- Inspected GitHub Actions workflows for discussion-triggered backdoor patterns and secret-dumping jobs
- Searched for known self-hosted runner and Docker breakout markers
- Checked for leaked cloud credentials and unsafe npm token usage
- Compared dependencies against a supplied list of known compromised npm packages (if provided)
No matches were found. This is not a guarantee of safety, but it indicates that this project does not currently exhibit known Shai-hulud 2.0 patterns.
Regardless of current status, this project aims to reduce supply chain risk through the following practices:
- Dependencies are pinned, with automated checks to avoid adopting very recent releases until they age out an organization-defined delay window.
- CI/CD tokens and cloud credentials follow least-privilege and short-lived patterns.
- GitHub Actions workflows are restricted to known, reviewed actions from trusted sources.
- Secret scanning is enabled for this repository.
- npm lifecycle scripts are avoided where possible and are never used to download and execute remote code.
- Cloud IAM policies are configured so that developer or CI credentials cannot directly access production infrastructure.
For more information about detection logic or mitigations, contact the security team via GitHub Security Advisories.
As of 2026-02-26, we evaluated the following vulnerability affecting our dev dependencies:
| Aspect | Status |
|---|---|
| Affected versions | rollup 4.0.0 - 4.58.0 |
| Severity | HIGH |
| Our version | rollup@4.59.0 (updated from 4.57.1) |
| Status | Patched - updated to fixed version |
This vulnerability allows arbitrary file writes via path traversal in rollup's bundle output.
Action taken:
- Updated rollup from 4.57.1 to 4.59.0 which includes the fix
- rollup is a dev dependency only (used by Vitest) and does not ship in production builds
- Exception to the 2-week age-out policy was granted due to high severity
As of 2026-03-24, we evaluated the TeamPCP campaign that compromised Aqua Security's GitHub and Docker Hub accounts, injecting malware into the Trivy vulnerability scanner and propagating a self-replicating worm ("CanisterWorm") through npm packages.
This repository uses aquasecurity/trivy-action in CI (ci.yml):
| Aspect | Status |
|---|---|
| Trivy action pinning | Pinned to commit SHA 76071ef0... (v0.31.0) |
| Compromised packages in deps | None found |
| Filesystem IOCs | None found |
| npm publishing | Not applicable — webssh2 is not published to npm |
| Status | Not compromised |
- GitHub Actions are pinned to commit SHAs, not mutable tags, preventing silent tag-based substitution
- The pinned SHA
76071ef0d7ec797419534a183b498b4d6366cf37predates the compromise and was verified against the pre-incident repository state - This repository does not publish to npm and has no npm tokens configured, so there is nothing for the worm to exfiltrate or abuse
- No known compromised dependencies were found in
package-lock.json
- Trivy action review: Confirmed pinned SHAs correspond to legitimate pre-compromise commits
- IOC scan: Checked build systems for CanisterWorm filesystem artifacts — none found
- Dependency audit: Scanned all
package-lock.jsonfiles against known compromised package list — clean
For reference, the following IOCs were published by Aikido and Socket:
C2 infrastructure:
- ICP canister:
tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io - Cloudflare tunnels:
souls-entire-defined-routes.trycloudflare.com,investigation-launches-hearings-copying.trycloudflare.com,championships-peoples-point-cassette.trycloudflare.com
Filesystem artifacts:
~/.local/share/pgmon/service.py,~/.config/systemd/user/pgmon.service/var/lib/svc_internal/runner.py,/var/lib/pgmon/pgmon.py/tmp/pglog,/tmp/.pg_state
Kubernetes artifacts (kube-system namespace):
- DaemonSets:
host-provisioner-iran,host-provisioner-std - Container names:
kamikaze(wiper),provisioner(backdoor)
Compromised npm packages (partial list):
- 28 packages in
@EmilGroupscope, 16 in@opengovscope @teale.io/eslint-config(v1.8.11, v1.8.12),@airtm/uuid-base32,@pypestream/floating-ui-dom
- Ars Technica — Self-propagating malware poisons open source software
- Aikido — TeamPCP Deploys CanisterWorm on NPM Following Trivy Compromise
- Aikido — CanisterWorm Gets Teeth: TeamPCP's Kubernetes Wiper Targets Iran
Last updated: 2026-03-24
Next review: 2026-04-24