Ethan Heilman

#13571 of 53,635
19.6 Total CVSS
Vulnerabilities · 2
Critical · 2
PT-2025-20927
9.8
2025-05-13
Unknown · Openpubkey · CVE-2025-3757
Name of the Vulnerable Software and Affected Versions: OpenPubkey versions prior to 0.10.0
Description: The issue allows a specially crafted JWS to bypass signature verification.
Recommendations: For versions prior to 0.10.0, update to version 0.10.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the JWS verification function until a patch is available. Avoid using the `JWS` verification in sensitive transactions until the issue is resolved.
PT-2025-20928
9.8
2025-05-13
Unknown · Openpubkey · CVE-2025-4658
Name of the Vulnerable Software and Affected Versions: OpenPubkey library versions prior to 0.10.0; OPKSSH versions prior to 0.5.0
Description: The issue allows a specially crafted JWS to bypass signature verification. This affects OPKSSH as it depends on the OpenPubkey library for authentication, enabling an attacker to bypass OPKSSH authentication.
Recommendations: For OpenPubkey library versions prior to 0.10.0, update to version 0.10.0 or later to resolve the issue. For OPKSSH versions prior to 0.5.0, update to version 0.5.0 or later to resolve the issue.