Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead to confusion. For example, users of the library might mistakenly read protected header values from an attached signature that was different from the one originally validated.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
go-jose 安全漏洞
Vulnerability Description
go-jose是一种用于实现JavaScript对象签名和加密的标准方法。 go-jose 1.0.4之前的版本中存在安全漏洞,该漏洞源于程序没有验证签名的有效性。攻击者可利用该漏洞读取未授权的数据。
CVSS Information
N/A
Vulnerability Type
N/A