Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GO-2020-0010
HistoryApr 14, 2021 - 8:04 p.m.

Elliptic curve key disclosure in github.com/square/go-jose

2021-04-1420:04:52
Google
osv.dev
11

0.002 Low

EPSS

Percentile

54.6%

JSON

When using ECDH-ES an attacker can mount an invalid curve attack during decryption as the supplied public key is not checked to be on the same curve as the receivers private key.

CPENameOperatorVersion
github.com/square/go-joselt1.0.4

Related

osv 2
github 1
ubuntucve 1
prion 1
debiancve 1
cvelist 1
veracode 1
cve 1
gitlab 1
nvd 1
osv
osv
Elliptic Curve Key Disclosure in go-jose
2021-06-23 17:17:52
CVE-2016-9121
2017-03-28 02:59:00
github
github
Elliptic Curve Key Disclosure in go-jose
2021-06-23 17:17:52
ubuntucve
ubuntucve
CVE-2016-9121
2017-03-28 00:00:00
prion
prion
Code injection
2017-03-28 02:59:00
debiancve
debiancve
CVE-2016-9121
2017-03-28 02:59:00
cvelist
cvelist
CVE-2016-9121
2017-03-28 02:46:00
veracode
veracode
Invalid Curve Attack
2017-04-27 06:26:15
cve
cve
CVE-2016-9121
2017-03-28 02:59:00
gitlab
gitlab
Inadequate Encryption Strength
2021-06-23 00:00:00
nvd
nvd
CVE-2016-9121
2017-03-28 02:59:00

0.002 Low

EPSS

Percentile

54.6%

JSON
Related for OSV:GO-2020-0010
osv2github1ubuntucve1prion1debiancve1cvelist1veracode1cve1gitlab1nvd1