Lucene search
Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-47764C3453F4DEB2F0AEAAF097EE34D5HistoryMay 18, 2021 - 12:00 a.m.
Improper Access Control
2021-05-1800:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
7
0.001 Low
EPSS
Percentile
48.7%
go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead to confusion. For example, users of the library might mistakenly read protected header values from an attached signature that was different from the one originally validated.
| CPE | Name | Operator | Version |
|---|---|---|---|
| go/gopkg.in/square/go-jose.v1 | lt | 1.1.0 |
Related
ubuntucve
ubuntucve
CVE-2016-9122
2017-03-28 00:00:00
osv
osv
Signature validation bypass in gopkg.in/square/go-jose.v1
2022-08-22 17:59:45
Go JOSE Signature Validation Bypass
2021-05-18 19:15:09
CVE-2016-9122
2017-03-28 02:59:00
github
github
Go JOSE Signature Validation Bypass
2021-05-18 19:15:09
cve
cve
CVE-2016-9122
2017-03-28 02:59:00
veracode
veracode
Signature Exploitation
2017-04-27 08:34:49
nvd
nvd
CVE-2016-9122
2017-03-28 02:59:00
cvelist
cvelist
CVE-2016-9122
2017-03-28 02:46:00
debiancve
debiancve
CVE-2016-9122
2017-03-28 02:59:00
prion
prion
Design/Logic Flaw
2017-03-28 02:59:00