在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
CVE-2017-16007 序列:2017-16007类型:CANstatus:Candidatephase:Assigned 漏洞描述node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) is used.参考文献
|
2022-08-15
2022-08-17
2022-09-23
2023-10-27
2022-08-18
请发表评论