CNNVD-202601-1993 Information

CNNVD ID

CNNVD-202601-1993

Related CVE

CVE-2025-68703

• CNNVD Published: 2026-01-13

Description (Chinese)

Jervis是Sam Gleske个人开发者的一个自动化工具。 Jervis 2.2之前版本存在加密问题漏洞，该漏洞源于从口令的SHA-256和派生盐值，导致相同口令产生相同密钥。

Description (English)

Jervis is an automated tool for Sam Gleske’s personal developers. There was a encryption loophole in the previous version of Jervis 2.2, which originated from the password SHA-256 and derived salt, resulting in the same password producing the same key.

Hazard Level

Medium

Vulnerability Type

加密问题

Affected Vendor

个人开发者

Published

2026-01-13

Last Modified

2026-02-24

References

https://github.com/samrocketman/jervis/security/advisories/GHSA-36h5-vrq6-pp34 https://github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a https://access.redhat.com/security/cve/cve-2025-68703

Patch

https://sam.gleske.net/jervis-api/2.2/