VYPR

Maven package

com.google.crypto.tink/tink

pkg:maven/com.google.crypto.tink/tink

Vulnerabilities (1)

  • CVE-2020-8929Oct 19, 2020
    affected < 1.5.0fixed 1.5.0

    A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with e