CVE-2023-50782 (High) detected in cryptography-39.0.1-cp36-abi3-manylinux_2_28_x86_64.whl - autoclosed #631
Labels: Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
CVE-2023-50782 - High Severity Vulnerability
Vulnerable Library - cryptography-39.0.1-cp36-abi3-manylinux_2_28_x86_64.whl
cryptography is a package which provides cryptographic recipes and primitives to Python developers.
Library home page: https://files.pythonhosted.org/packages/1b/90/3c06f3f7a74dad0955536088c3b743a74e8c57c265f2c7a4b61cebb369c1/cryptography-39.0.1-cp36-abi3-manylinux_2_28_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: b0f7c98d88f4f0ef7aa1b834668853b7092da5a4
Found in base branch: master
Vulnerability Details
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
Publish Date: 2024-02-05
URL: CVE-2023-50782
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-3ww4-gg4f-jr7f
Release Date: 2024-02-05
Fix Resolution: 42.0.0