Description

A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file middlewares/jwt.go. The manipulation with the input sublink leads to use of hard-coded cryptographic key . The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9 is able to address this issue. The patch is identified as 778d26aef723daa58df98c8060c43f5bf5d1b10b. It is recommended to upgrade the affected component.

Related CPE's

Could not find any relations

References

https://github.com/gooaclok819/sublinkX/commit/778d26aef723daa58df98c8060c43f5bf5d1b10b

https://github.com/gooaclok819/sublinkX/issues/68

https://github.com/gooaclok819/sublinkX/issues/68#issuecomment-2957290524

https://github.com/gooaclok819/sublinkX/releases/tag/1.9

https://vuldb.com/?ctiid.313882

https://vuldb.com/?id.313882

https://vuldb.com/?submit.602368

Weaknesses

[email protected]

Secondary
CWE-320CWE-321

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

3.7 · Low

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Awaiting analysis

Published

2025-06-25T23:15:21.310

5 months ago

Last modified

2025-06-27T11:15:25.547

5 months ago