CVE-2018-10903 High Severity Vulnerability detected by WhiteSource #20
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2018-10903 - High Severity Vulnerability
cryptography is a package which provides cryptographic recipes and primitives to Python developers.
path: /tender_samet/requirements.txt
Library home page: https://pypi.python.org/packages/0c/eb/afcc830a9de40fe0b0c7c7f57b4ece118814bf38572bb42d45babc82b405/cryptography-2.0.3-cp27-cp27mu-manylinux1_x86_64.whl
Dependency Hierarchy:
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.
Publish Date: 2018-07-30
URL: CVE-2018-10903
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10903
Release Date: 2018-07-30
Fix Resolution: 2.3
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: