Описание
Hermes improperly validates a JWT
Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. This vulnerability, CVE-2025-1293, was fixed in Hermes 0.5.0.
Пакеты
Наименование
github.com/hashicorp-forge/hermes
go
Затронутые версииВерсия исправления
< 0.5.0
0.5.0
Связанные уязвимости
CVSS3: 8.2
nvd
12 месяцев назад
Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. This vulnerability, CVE-2025-1293, was fixed in Hermes 0.5.0.