Lucene search
GoogleOSV:GO-2020-0011HistoryApr 14, 2021 - 8:04 p.m.
GO-2020-0011
2021-04-1420:04:52
Google
osv.dev
11
0.001 Low
EPSS
Percentile
48.8%
When decrypting JsonWebEncryption objects with multiple recipients
or JsonWebSignature objects with multiple signatures the Decrypt
and Verify methods do not indicate which recipient or signature was
valid. This may lead a caller to rely on protected headers from an
invalid recipient or signature.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/square/go-jose | lt | 0.0.0-20160922232413-2c5656adca99 |
Related
osv
osv
Signature validation bypass in gopkg.in/square/go-jose.v1
2022-08-22 17:59:45
Go JOSE Signature Validation Bypass
2021-05-18 19:15:09
CVE-2016-9122
2017-03-28 02:59:00
gitlab
gitlab
Improper Access Control
2021-05-18 00:00:00
ubuntucve
ubuntucve
CVE-2016-9122
2017-03-28 00:00:00
github
github
Go JOSE Signature Validation Bypass
2021-05-18 19:15:09
cve
cve
CVE-2016-9122
2017-03-28 02:59:00
veracode
veracode
Signature Exploitation
2017-04-27 08:34:49
cvelist
cvelist
CVE-2016-9122
2017-03-28 02:46:00
debiancve
debiancve
CVE-2016-9122
2017-03-28 02:59:00
nvd
nvd
CVE-2016-9122
2017-03-28 02:59:00
prion
prion
Design/Logic Flaw
2017-03-28 02:59:00