CNNVD-202601-1996 Information

CNNVD ID

CNNVD-202601-1996

Related CVE

CVE-2025-68698

• CNNVD Published: 2026-01-13

Description (Chinese)

Jervis是Sam Gleske个人开发者的一个自动化工具。 Jervis 2.2之前版本存在加密问题漏洞，该漏洞源于使用易受Bleichenbacher填充预言攻击的PKCS1Encoding加密方式。

Description (English)

Jervis is an automated tool for Sam Gleske’s personal developers. There was a encryption loophole in the previous version of Jervis 2.2, which originated from the use of PKCS1Encoding encryption, which was vulnerable to Bleichenbacher filling in foretold attacks.

Hazard Level

Medium

Vulnerability Type

加密问题

Affected Vendor

个人开发者

Published

2026-01-13

Last Modified

2026-02-24

References

https://github.com/samrocketman/jervis/security/advisories/GHSA-mqw7-c5gg-xq97 https://github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a https://access.redhat.com/security/cve/cve-2025-68698

Patch

https://sam.gleske.net/jervis-api/2.2/