CNNVD-202601-1994 Information

CNNVD ID

CNNVD-202601-1994

Related CVE

CVE-2025-68702

• CNNVD Published: 2026-01-13

Description (Chinese)

Jervis是Sam Gleske个人开发者的一个自动化工具。 Jervis 2.2之前版本存在加密问题漏洞，该漏洞源于使用padLeft(32, 0)而非padLeft(64, 0)处理SHA-256输出，可能导致十六进制表示错误。

Description (English)

Jervis is an automated tool for Sam Gleske’s personal developers. There was a encryption loophole in the previous version of Jervis 2.2, which resulted from the use of padLeft (32, 0) rather than padLeft (64, 0) to process SHA-256 output, which could lead to an error in hexadecimal expression.

Hazard Level

Medium

Vulnerability Type

加密问题

Affected Vendor

个人开发者

Published

2026-01-13

Last Modified

2026-02-24

References

https://github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a https://github.com/samrocketman/jervis/security/advisories/GHSA-67rj-pjg6-pq59 https://access.redhat.com/security/cve/cve-2025-68702

Patch

https://sam.gleske.net/jervis-api/2.2/