Lucene search
Veracode Vulnerability DatabaseVERACODE:4013HistoryApr 27, 2017 - 8:34 a.m.
Signature Exploitation
2017-04-2708:34:49
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
EPSS
0.001
Percentile
48.6%
github.com/square/go-jose is vulnerable to signature exploitation attacks. During the validation of a signed message, the API does not indicate whether the signature is valid or not. This may lead to confusion if another library assumes the signatures attached are the ones that were originally validated.
Related
nvd
nvd
CVE-2016-9122
2017-03-28 02:59:00
osv
osv
Go JOSE Signature Validation Bypass
2021-05-18 19:15:09
Signature validation bypass in gopkg.in/square/go-jose.v1
2022-08-22 17:59:45
CVE-2016-9122
2017-03-28 02:59:00
cve
cve
CVE-2016-9122
2017-03-28 02:59:00
github
github
Go JOSE Signature Validation Bypass
2021-05-18 19:15:09
ubuntucve
ubuntucve
CVE-2016-9122
2017-03-28 00:00:00
gitlab
gitlab
Improper Access Control
2021-05-18 00:00:00
prion
prion
Design/Logic Flaw
2017-03-28 02:59:00
debiancve
debiancve
CVE-2016-9122
2017-03-28 02:59:00
cvelist
cvelist
CVE-2016-9122
2017-03-28 02:46:00