CVE-2020-8929
CVE-2020-8929 concerns the Java implementation of Google Tink prior to 1.5, where mis-handling invalid Unicode characters in ciphertexts allows an attacker to change the ID portion of a ciphertext. This can create a second ciphertext that decrypts to the same plaintext, impacting ciphertext integ...