VYPR

Go modules package

github.com/hashicorp-forge/hermes

pkg:golang/github.com/hashicorp-forge/hermes

Vulnerabilities (1)

  • CVE-2025-1293Feb 20, 2025
    affected < 0.5.0fixed 0.5.0

    Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. This vulnerability, CVE-2025-1293, was fixed in Hermes 0.5.0.