Vulnerability Report: GO-2023-1859
- GHSA-rm8v-mxj3-5rmq
- Affects: github.com/lestrrat-go/jwx, github.com/lestrrat-go/jwx/v2
- Published: Jun 22, 2023
AES-CBC decryption is vulnerable to a timing attack which may permit an attacker to recover the plaintext of JWE data.
Affected Packages
-
PathVersionsSymbols
-
before v1.2.26
-
before v2.0.11-0.20230614080639-c8b6bec919a1
Aliases
References
- https://github.com/lestrrat-go/jwx/commit/6c41e3822485fc7e11dd70b4b0524b075d66b103
- https://github.com/lestrrat-go/jwx/commit/d9ddbc8e5009cfdd8c28413390b67afa7f576dd6
- https://vuln.go.dev/ID/GO-2023-1859.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.