CNNVD-202601-1992 Information

CNNVD ID

CNNVD-202601-1992

Related CVE

CVE-2025-68704

• CNNVD Published: 2026-01-13

Description (Chinese)

Jervis是Sam Gleske个人开发者的一个自动化工具。 Jervis 2.2之前版本存在安全特征问题漏洞，该漏洞源于使用非加密安全的java.util.Random()，可能无法有效缓解时序攻击。

Description (English)

Jervis is an automated tool for Sam Gleske’s personal developers. There was a security feature loophole in the previous version of Jervis 2.2, which originated from the use of unencrypted security java.util.Random() and could not be effective in mitigating time-series attacks.

Hazard Level

Low

Vulnerability Type

安全特征问题

Affected Vendor

个人开发者

Published

2026-01-13

Last Modified

2026-02-24

References

https://github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a https://github.com/samrocketman/jervis/security/advisories/GHSA-c9q6-g3hr-8gww https://access.redhat.com/security/cve/cve-2025-68704

Patch

https://sam.gleske.net/jervis-api/2.2/