CVE-2025-3757

Опубликовано: 13 мая 2025

Источник: debian

Описание

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.

Пакет	Статус	Версия исправления	Релиз	Тип
golang-github-openpubkey-openpubkey	fixed	0.18.0-1		package
golang-github-openpubkey-openpubkey	no-dsa		trixie	package

https://github.com/openpubkey/openpubkey/security/advisories/GHSA-537f-gxgm-3jjq

CVE-2025-3757

CVSS3: 9.8

ubuntu

9 месяцев назад

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.

CVE-2025-3757

CVSS3: 9.8

nvd

9 месяцев назад

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.

GHSA-537f-gxgm-3jjq

github

9 месяцев назад

OpenPubkey Vulnerable to Authentication Bypass