exploitDog

CVE-2023-48056

Опубликовано: 16 нояб. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.

Ссылки

http://bandoche.com
Broken Link
http://pypinksign.com
Broken Link
https://gxx777.github.io/PyPinkSign_v0.5.1_Cryptographic_API_Misuse_Vulnerability.md
Third Party Advisory
http://bandoche.com
Broken Link
http://pypinksign.com
Broken Link
https://gxx777.github.io/PyPinkSign_v0.5.1_Cryptographic_API_Misuse_Vulnerability.md
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bandoche:pypinksign:0.5.1:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00194

Низкий

7.5 High

CVSS3

Дефекты

CWE-330

Связанные уязвимости

GHSA-fxff-wxxv-c2jc

CVSS3: 7.5

github

около 2 лет назад

PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption

EPSS

Процентиль: 42%

0.00194

Низкий

7.5 High

CVSS3

Дефекты

CWE-330