CNNVD-202511-1365 Information
CNNVD ID
CNNVD-202511-1365
Related CVE
- CNNVD Published: 2025-11-12
Description (Chinese)
Evervault Go SDK是Evervault开源的一个开发工具包。 Evervault Go SDK 1.3.2之前版本存在数据伪造问题漏洞,该漏洞源于验证逻辑不完整,可能导致信任不符合完整性保证的enclave操作者。
Description (English)
Evervault Go SDK is a development toolkit for Evervault Open Source. Evervault Go SDK 1.3.2 had a gap in data forgery, which stemmed from incomplete validation logic and could result in trusting enclave operators who did not meet the integrity guarantees.
Hazard Level
High
Vulnerability Type
数据伪造问题
Affected Vendor
Evervault
Published
2025-11-12
Last Modified
2026-02-24
References
https://github.com/evervault/evervault-go/security/advisories/GHSA-88h9-77c7-p6w4 https://github.com/evervault/evervault-go/pull/48 https://github.com/evervault/evervault-go/commit/7c824d289bba11ec0bea46a338023f5b128bbb28 https://access.redhat.com/security/cve/cve-2025-64186
Patch
https://github.com/evervault/evervault-go/releases
Share on: