CNNVD-202601-1991 Information

CNNVD ID

CNNVD-202601-1991

Related CVE

CVE-2025-68925

• CNNVD Published: 2026-01-13

Description (Chinese)

Jervis是Sam Gleske个人开发者的一个自动化工具。 Jervis 2.2之前版本存在数据伪造问题漏洞，该漏洞源于未验证JWT头中的alg字段，可能导致安全绕过。

Description (English)

Jervis is an automated tool for Sam Gleske’s personal developers. There was a gap in data forgery in the previous version of Jervis 2.2, which originated from the failure to verify the alg field in the JWT header, which could lead to a safe circumvention.

Hazard Level

High

Vulnerability Type

数据伪造问题

Affected Vendor

个人开发者

Published

2026-01-13

Last Modified

2026-02-24

References

https://github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a https://github.com/samrocketman/jervis/security/advisories/GHSA-5pq9-5mpr-jj85 https://access.redhat.com/security/cve/cve-2025-68925

Patch

https://sam.gleske.net/jervis-api/2.2/