ZupeiNie ZupeiNie
ZupeiNie
/ gist:cd88c827eef11a1618f8baacccd240fb
Created
July 30, 2025 01:59
jwt < v5.4.3 was discovered to contain weak encryption.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVE: CVE-2025-45770 | |
| Description: | |
| we found that the HMAC and RSA key lengths used in your JSON Web Signature (JWS) implementation do not meet recommended security standards(RFC 7518、NIST SP800-117、RFC 2437). According to CWE-326 (Inadequate Encryption Strength), using keys that are too short can lead to serious vulnerabilities and potential attacks. | |
| Affected versions: <= v5.4.3 | |
| Reference: https://github.com/lcobucci/jwt/security/advisories/GHSA-rp3h-65jh-3c3m |
ZupeiNie
/ gist:83756316c4c24fe97a50176a92608db3
Created
July 30, 2025 01:57
php-jwt < v6.11.0 was discovered to contain weak encryption.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVE: CVE-2025-45769 | |
| Description: | |
| we found that the HMAC and RSA key lengths used in your JSON Web Signature (JWS) implementation do not meet recommended security standards(RFC 7518、NIST SP800-117、RFC 2437). According to CWE-326 (Inadequate Encryption Strength), using keys that are too short can lead to serious vulnerabilities and potential attacks. | |
| Affected versions: <= v6.11.0 | |
| Reference: https://issuetracker.google.com/issues/408155096?pli=1 |
ZupeiNie
/ gist:6f65e564f2067b876321d3dfdbb76569
Last active
November 11, 2025 14:28
pyjwt < v2.10.1 was discovered to contain weak encryption.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVE: CVE-2025-45768 | |
| Description: | |
| we found that the HMAC and RSA key lengths used in your JSON Web Signature (JWS) implementation do not meet recommended security standards(RFC 7518、NIST SP800-117、RFC 2437). According to CWE-326 (Inadequate Encryption Strength), using keys that are too short can lead to serious vulnerabilities and potential attacks. | |
| Affected versions: <= v2.10.1 |
ZupeiNie
/ gist:705a606fbb99f3bb8c9b51e5bc13c91d
Created
July 30, 2025 01:49
jose < v6.0.10 was discovered to contain weak encryption.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVE: CVE-2025-45767 | |
| Description: | |
| we found that the HMAC and RSA key lengths used in your JSON Web Signature (JWS) implementation do not meet recommended security standards(RFC 7518、NIST SP800-117、RFC 2437). According to CWE-326 (Inadequate Encryption Strength), using keys that are too short can lead to serious vulnerabilities and potential attacks. | |
| Affected versions: <= v6.0.10 | |
| Reference: https://github.com/panva/jose/security/advisories/GHSA-mwmr-4mj7-4hv7 |
ZupeiNie
/ gist:9de26f17a5e135b50fa388999e912c42
Created
July 30, 2025 01:44
poco < v1.14.1-release was discovered to contain weak encryption.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVE: CVE-2025-45766 | |
| Description: | |
| we found that the HMAC and RSA key lengths used in your JSON Web Signature (JWS) implementation do not meet recommended security standards(RFC 7518、NIST SP800-117、RFC 2437). According to CWE-326 (Inadequate Encryption Strength), using keys that are too short can lead to serious vulnerabilities and potential attacks. | |
| Affected versions: <= v1.14.1 | |
| Reference: https://github.com/pocoproject/poco/issues/4921 |
ZupeiNie
/ gist:c621253068ce5b64911629534879e8f9
Created
July 30, 2025 01:41
ruby-jwt < v3.0.0.beta1 was discovered to contain weak encryption.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVE: CVE-2025-45765 | |
| Description: | |
| we found that the HMAC and RSA key lengths used in your JSON Web Signature (JWS) implementation do not meet recommended security standards(RFC 7518、NIST SP800-117、RFC 2437). According to CWE-326 (Inadequate Encryption Strength), using keys that are too short can lead to serious vulnerabilities and potential attacks. | |
| Affected versions: <= v3.0.0.beta1 | |
| Reference: https://github.com/jwt/ruby-jwt/issues/668 |
ZupeiNie
/ gist:2250cf1758771d56272dc326ce066202
Created
July 30, 2025 01:31
jsrsasign < v11.1.0 was discovered to contain weak encryption
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cve:CVE-2025-45764 | |
| Description:we found that the HMAC and RSA key lengths used in your JSON Web Signature (JWS) implementation do not meet recommended security standards(RFC 7518、NIST SP800-117、RFC 2437). According to CWE-326 (Inadequate Encryption Strength), using keys that are too short can lead to serious vulnerabilities and potential attacks. | |
| Affected versions: <= 11.1.0 | |
| Reference:https://github.com/kjur/jsrsasign/issues/634 |