
GHSA-537f-gxgm-3jjq

Published: May 13, 2025
Source: github
GitHub: Reviewed
CVSS4: 9.3

Description

OpenPubkey Vulnerable to Authentication Bypass

Impact

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.

Patches

Upgrade to v0.10.0 or greater. This vulnerability is not present in versions of OpenPubkey after v0.9.0.

References

CVE-2025-3757

Packages

Name: github.com/openpubkey/openpubkey
Ecosystem: go
Affected versions: < 0.10.0
Fixed version: 0.10.0

EPSS

Percentile: 13%
Score: 0.00044
Level: Low

CVSS4: 9.3 Critical

Weaknesses

CWE-305

Related vulnerabilities

CVSS3: 9.8
ubuntu
9 months ago

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.

CVSS3: 9.8
nvd
9 months ago

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.

CVSS3: 9.8
debian
9 months ago

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerabil ...
