https://blog.qife122.com/tags/pubnub/ Recent content in PUBNUB on 办公AI智能小助手 Hugo zh-cn qife Mon, 29 Dec 2025 12:16:22 +0800 https://blog.qife122.com/p/pubnub%E5%8A%A0%E5%AF%86%E6%BC%8F%E6%B4%9E%E6%B7%B1%E5%BA%A6%E8%A7%A3%E6%9E%90%E7%86%B5%E4%B8%8D%E8%B6%B3%E5%A6%82%E4%BD%95%E5%AF%BC%E8%87%B4aes-256-cbc%E5%AE%89%E5%85%A8%E6%80%A7%E5%87%8F%E5%8D%8A/ Mon, 29 Dec 2025 12:16:22 +0800 https://blog.qife122.com/p/pubnub%E5%8A%A0%E5%AF%86%E6%BC%8F%E6%B4%9E%E6%B7%B1%E5%BA%A6%E8%A7%A3%E6%9E%90%E7%86%B5%E4%B8%8D%E8%B6%B3%E5%A6%82%E4%BD%95%E5%AF%BC%E8%87%B4aes-256-cbc%E5%AE%89%E5%85%A8%E6%80%A7%E5%87%8F%E5%8D%8A/ <h1 id="cve-2023-26154pubnub熵不足漏洞技术分析">CVE-2023-26154：PubNub熵不足漏洞技术分析</h1> <h2 id="漏洞概述">漏洞概述</h2> <p>CVE-2023-26154是一个影响PubNub多个客户端库的<strong>中等严重性漏洞</strong>，涉及<strong>熵不足</strong>（Insufficient Entropy）问题。该漏洞的核心在于<code>getKey</code>函数对AES-256-CBC加密算法的低效实现，导致加密强度显著降低。</p> https://blog.qife122.com/p/pubnub%E5%AF%86%E7%A0%81%E5%AD%A6%E7%86%B5%E4%B8%8D%E8%B6%B3%E6%BC%8F%E6%B4%9Ecve-2023-26154%E6%B7%B1%E5%BA%A6%E8%A7%A3%E6%9E%90/ Wed, 10 Dec 2025 08:40:35 +0800 https://blog.qife122.com/p/pubnub%E5%AF%86%E7%A0%81%E5%AD%A6%E7%86%B5%E4%B8%8D%E8%B6%B3%E6%BC%8F%E6%B4%9Ecve-2023-26154%E6%B7%B1%E5%BA%A6%E8%A7%A3%E6%9E%90/ <h1 id="pubnub-insufficient-entropy-vulnerability--cve-2023-26154--github-advisory-database">pubnub Insufficient Entropy vulnerability · CVE-2023-26154 · GitHub Advisory Database</h1> <h2 id="漏洞详情">漏洞详情</h2> <p><strong>Dependabot alerts</strong>: 0</p> <h3 id="受影响包及版本">受影响包及版本</h3> <table> <thead> <tr> <th>包管理器</th> <th>包名</th> <th>受影响版本</th> <th>已修复版本</th> </tr> </thead> <tbody> <tr> <td>nuget</td> <td>Pubnub</td> <td>&lt; 6.19.0</td> <td>6.19.0</td> </tr> <tr> <td>maven</td> <td>com.pubnub:pubnub</td> <td>&lt;= 4.6.5</td> <td>无</td> </tr> <tr> <td>maven</td> <td>com.pubnub:pubnub-kotlin</td> <td>&lt; 7.7.0</td> <td>7.7.0</td> </tr> <tr> <td>gomod</td> <td>github.com/pubnub/go</td> <td>&lt; 0.0.0-20231016150651-428517fef5b9</td> <td>0.0.0-20231016150651-428517fef5b9</td> </tr> <tr> <td>gomod</td> <td>github.com/pubnub/go/v5</td> <td>&lt; 5.0.4-0.20231016150651-428517fef5b9</td> <td>5.0.4-0.20231016150651-428517fef5b9</td> </tr> <tr> <td>gomod</td> <td>github.com/pubnub/go/v6</td> <td>&lt; 6.1.1-0.20231016150651-428517fef5b9</td> <td>6.1.1-0.20231016150651-428517fef5b9</td> </tr> <tr> <td>gomod</td> <td>github.com/pubnub/go/v7</td> <td>&lt; 7.2.0</td> <td>7.2.0</td> </tr> <tr> <td>swift</td> <td>github.com/pubnub/swift</td> <td>&lt; 6.2.0</td> <td>6.2.0</td> </tr> <tr> <td>npm</td> <td>pubnub</td> <td>&lt; 7.4.0</td> <td>7.4.0</td> </tr> <tr> <td>bundler</td> <td>pubnub (RubyGems)</td> <td>&lt; 5.3.0</td> <td>5.3.0</td> </tr> <tr> <td>cargo</td> <td>pubnub (Rust)</td> <td>&lt; 0.4.0</td> <td>0.4.0</td> </tr> <tr> <td>pub</td> <td>pubnub (Pub)</td> <td>&lt; 4.3.0</td> <td>4.3.0</td> </tr> <tr> <td>pip</td> <td>pubnub (pip)</td> <td>&lt; 7.3.0</td> <td>7.3.0</td> </tr> <tr> <td>composer</td> <td>pubnub/pubnub (Composer)</td> <td>&lt; 6.1.0</td> <td>6.1.0</td> </tr> </tbody> </table> <h2 id="漏洞描述">漏洞描述</h2> <p>以下包版本存在熵不足漏洞：package pubnub 7.4.0之前版本；package com.pubnub:pubnub 的所有版本；package pubnub 6.19.0之前版本；package github.com/pubnub/go 的所有版本；package github.com/pubnub/go/v7 7.2.0之前版本；package pubnub 7.3.0之前版本；package pubnub/pubnub 6.1.0之前版本；package pubnub 5.3.0之前版本；package pubnub 0.4.0之前版本；package pubnub/c-core 4.5.0之前版本；package com.pubnub:pubnub-kotlin 7.7.0之前版本；package pubnub/swift 6.2.0之前版本；package pubnub 5.2.0之前版本；package pubnub 4.3.0之前版本。</p>