Vulnerability Report: GO-2023-2163
- CVE-2023-46129, GHSA-mr45-rx8q-wcm9
- Affects: github.com/nats-io/nkeys
- Published: Nov 02, 2023
- Modified: Nov 17, 2023
Curve KeyPairs always use the same (all-zeros) key to encrypt data, and provide no security.
For detailed information about this vulnerability, visit https://github.com/nats-io/nkeys/security/advisories/GHSA-mr45-rx8q-wcm9.
Affected Packages
-
PathVersionsSymbols
-
from v0.4.0 before v0.4.6all symbols
Aliases
References
- https://github.com/nats-io/nkeys/security/advisories/GHSA-mr45-rx8q-wcm9
- https://github.com/nats-io/nkeys/commit/58fb9d69f42ea73fffad1d14e5914dc666f3daa1
- https://vuln.go.dev/ID/GO-2023-2163.json
Credits
- Quentin Matillat (GitHub @tinou98)
Feedback
See anything missing or incorrect?
Suggest an edit to this report.