CVE-2025-68704: Jervis Has Weak Random for Timing Attack Mitigation
(updated )
If an attacker can predict the random delays, they may still be able to perform timing attacks.
References
- github.com/advisories/GHSA-c9q6-g3hr-8gww
- github.com/samrocketman/jervis
- github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy
- github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a
- github.com/samrocketman/jervis/security/advisories/GHSA-c9q6-g3hr-8gww
- nvd.nist.gov/vuln/detail/CVE-2025-68704
Code Behaviors & Features
Detect and mitigate CVE-2025-68704 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →