漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making it vulnerable to an invalid curve attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
go-jose 加密问题漏洞
Vulnerability Description
go-jose是一种用于实现JavaScript对象签名和加密的标准方法。 go-jose 1.0.4之前的版本中存在加密问题漏洞,该漏洞源于程序没有验证加密公钥。攻击者可利用该漏洞破解曲线加密算法。
CVSS Information
N/A
Vulnerability Type
N/A