CNNVD-202512-671 Information
CNNVD ID
CNNVD-202512-671
Related CVE
- CNNVD Published: 2025-12-05
Description (Chinese)
goaway是Hugo个人开发者的一个DNS黑洞软件。 goaway 0.62.19之前版本存在安全漏洞,该漏洞源于使用硬编码密钥签名JWT令牌,可能导致认证绕过。
Description (English)
Goaway is a DNS black hole software for Hugo personal developers. There is a security loophole in the pre-goaway 0.62.19 version, which stems from the use of a hard-coded key to sign the JWT, which may result in the authentication being bypassed.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-12-05
Last Modified
2026-02-24
References
https://github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.go#L69 https://github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.go#L15 https://github.com/pommee/goaway/blob/v0.62.18/backend/api/auth.go#L48 https://github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.go#L88 https://github.com/gian2dchris/CVEs/tree/CVE-2025-65730/CVE-2025-65730 https://github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.go#L110 https://github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.go#L40 https://github.com/pommee/goaway/commit/5769f8782b7453ca1c22a201b224b5ce48532f64#diff-4ddfd6cf1311ddfd45734bb1dc53bc208df69584ba92ac4f38866bd558434678L15-L40 https://github.com/pommee/goaway/releases/tag/v0.62.16 https://access.redhat.com/security/cve/cve-2025-65730
Patch
https://github.com/pommee/goaway/releases
Share on: