When decrypting JsonWebEncryption objects with multiple recipients
or JsonWebSignature objects with multiple signatures the Decrypt
and Verify methods do not indicate which recipient or signature was
valid. This may lead a caller to rely on protected headers from an
invalid recipient or signature.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/square/go-jose | lt | 0.0.0-20160922232413-2c5656adca99 |