github.com/yaronf/httpsign is vulnerable to Improper Verification of Cryptographic Signature
73
High Risk
Affected versions of this package contain an authentication bypass vulnerability caused by insufficient validation of HTTP signature components during request verification. The implementation does not strictly validate certain parsed fields, so malformed or ambiguous input can be interpreted in a way that bypasses signature verification. An attacker could exploit this by crafting requests where the verified signature does not accurately reflect the intended signed data, potentially allowing unauthorized or tampered requests to be accepted as valid. The issue is addressed by enforcing stricter validation and parsing of signature inputs during verification.
You are affected if you are using a version that falls within the vulnerable range.
github.com/yaronf/httpsign is vulnerable to Improper Verification of Cryptographic Signature in versions 0.1.6 - 0.4.2.
Upgrade the github.com/yaronf/httpsign library to the patched version.
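One way to check a project against the range above is to scan its go.mod text for pins of the module. This is an added example, not code from the advisory or from the httpsign project; it assumes the 0.1.6 - 0.4.2 bounds are inclusive, and the function names and the sample go.mod are illustrative.

```go
package main

import (
	"fmt"
	"strings"
)

// Module path and range are from the advisory; the bounds are assumed inclusive.
const modulePath = "github.com/yaronf/httpsign"
var lowest, highest = [3]int{0, 1, 6}, [3]int{0, 4, 2}

// parseVersion reads "vMAJOR.MINOR.PATCH"; a -pre or +build suffix is ignored, so
// pseudo-versions are judged by base version only and deserve a manual look.
func parseVersion(s string) (v [3]int, ok bool) {
	n, err := fmt.Sscanf(s, "v%d.%d.%d", &v[0], &v[1], &v[2])
	return v, err == nil && n == 3
}

// cmp orders two versions: negative, zero or positive, like a-b.
func cmp(a, b [3]int) int {
	for i := range a {
		if a[i] != b[i] {
			return a[i] - b[i]
		}
	}
	return 0
}

// AffectedVersions returns each in-range version pinned in go.mod text (require or replace lines).
func AffectedVersions(goMod string) []string {
	var hits []string
	for _, line := range strings.Split(goMod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop "// indirect" and other comments
		f := strings.Fields(line)
		for i := 0; i+1 < len(f); i++ {
			v, ok := parseVersion(f[i+1])
			if f[i] == modulePath && ok && cmp(v, lowest) >= 0 && cmp(v, highest) <= 0 {
				hits = append(hits, f[i+1])
			}
		}
	}
	return hits
}

func main() {
	// Constructed go.mod for illustration; example.com/app is a placeholder module.
	sample := "module example.com/app\n\nrequire (\n\tgithub.com/yaronf/httpsign v0.3.1 // indirect\n)\n"
	fmt.Println("affected pins:", AffectedVersions(sample))
}
```

A go.mod pin only shows what is declared; `go list -m all` reports the version the build actually resolves, including transitive requirements.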