CNNVD-202512-259 Information

CNNVD ID

CNNVD-202512-259

Related CVE

CVE-2025-13353

• CNNVD Published: 2025-12-02

Description (Chinese)

gokey是Cloudflare开源的一个Go语言库。 gokey 0.2.0之前版本存在安全漏洞，该漏洞源于种子解密逻辑缺陷，可能导致密码熵降低和密码恢复攻击。

Description (English)

Gokey is a Go language library from Cloudflare. There was a security loophole in the pre-gokey 0.2.0 version, which stemmed from a logical flaw in the decryption of the seed, which could lead to a reduction in the encoder and a resumption of the password attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Cloudflare

Published

2025-12-02

Last Modified

2026-02-24

References

https://github.com/cloudflare/gokey/security/advisories/GHSA-69jw-4jj8-fcxm

Patch

https://github.com/cloudflare/gokey/releases