CNNVD-202601-1990 Information

CNNVD ID

CNNVD-202601-1990

Related CVE

CVE-2025-68931

• CNNVD Published: 2026-01-13

Description (Chinese)

Jervis是Sam Gleske个人开发者的一个自动化工具。 Jervis 2.2之前版本存在加密问题漏洞，该漏洞源于AES/CBC/PKCS5Padding缺乏身份验证，容易受到填充预言攻击和密文操纵。

Description (English)

Jervis is an automated tool for Sam Gleske’s personal developers. There was a encryption loophole in the previous version of Jervis 2.2, which stemmed from the lack of identification of AES/CBC/PKCS5Padding and was vulnerable to premonition attacks and secret manipulation.

Hazard Level

Medium

Vulnerability Type

加密问题

Affected Vendor

个人开发者

Published

2026-01-13

Last Modified

2026-02-24

References

https://github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a https://github.com/samrocketman/jervis/security/advisories/GHSA-gxp5-mv27-vjcj https://access.redhat.com/security/cve/cve-2025-68931

Patch

https://sam.gleske.net/jervis-api/2.2/