CNNVD-202511-2442 Information
CNNVD ID
CNNVD-202511-2442
Related CVE
- CNNVD Published: 2025-11-21
Description (Chinese)
hpke-js是Ajitomi Daisuke个人开发者的一个混合公钥加密模块。 hpke-js 1.7.5之前版本存在安全漏洞,该漏洞源于SenderContext Seal API存在竞争条件,可能导致消息机密性和完整性丧失。
Description (English)
hpke-js is a hybrid public key encryption module for Ajitomi Daisuke personal developers. The previous version of hpke-js 1.7.5 had a security loophole, which stemmed from the competitive conditions of the SenderContext Seal API, which could lead to the loss of confidentiality and integrity of information.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-11-21
Last Modified
2026-02-24
References
https://github.com/dajiaji/hpke-js/security/advisories/GHSA-73g8-5h73-26h4 https://github.com/dajiaji/hpke-js/commit/94a767c9b9f37ce48d5cd86f7017d8cacd294aaf https://github.com/dajiaji/hpke-js/blob/b7fd3592c7c08660c98289d67c6bb7f891af75c4/packages/core/src/senderContext.ts#L22-L34 https://access.redhat.com/security/cve/cve-2025-64767
Patch
https://github.com/dajiaji/hpke-js/releases
Share on: