Path to dependency file: /tmp/ws-ua_20220122232947_MZFNWS/archiveExtraction_KXRZMM/PZSZKX/20220122232947/codechung_depth_1/awscli-bundle/awscli-bundle/packages/urllib3-1.25.10.tar/urllib3-1.25.10/docs/requirements.txt
Path to vulnerable library: /awscli-bundle/awscli-bundle/packages/urllib3-1.25.10.tar/urllib3-1.25.10/docs/requirements.txt,/awscli-bundle/awscli-bundle/packages/urllib3-1.25.10.tar/urllib3-1.25.10/dev-requirements.txt,/awscli-bundle/packages/urllib3-1.25.10.tar/urllib3-1.25.10/docs/requirements.txt,/awscli-bundle/packages/urllib3-1.25.10.tar/urllib3-1.25.10/dev-requirements.txt
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
CVE-2020-25659 - Medium Severity Vulnerability
cryptography is a package which provides cryptographic recipes and primitives to Python developers.
Library home page: https://files.pythonhosted.org/packages/ca/9a/7cece52c46546e214e10811b36b2da52ce1ea7fa203203a629b8dfadad53/cryptography-2.8-cp34-abi3-manylinux2010_x86_64.whl
Path to dependency file: /tmp/ws-ua_20220122232947_MZFNWS/archiveExtraction_KXRZMM/PZSZKX/20220122232947/codechung_depth_1/awscli-bundle/awscli-bundle/packages/urllib3-1.25.10.tar/urllib3-1.25.10/docs/requirements.txt
Path to vulnerable library: /awscli-bundle/awscli-bundle/packages/urllib3-1.25.10.tar/urllib3-1.25.10/docs/requirements.txt,/awscli-bundle/awscli-bundle/packages/urllib3-1.25.10.tar/urllib3-1.25.10/dev-requirements.txt,/awscli-bundle/packages/urllib3-1.25.10.tar/urllib3-1.25.10/docs/requirements.txt,/awscli-bundle/packages/urllib3-1.25.10.tar/urllib3-1.25.10/dev-requirements.txt
Dependency Hierarchy: - :x: **cryptography-2.8-cp34-abi3-manylinux2010_x86_64.whl** (Vulnerable Library)
Found in HEAD commit: de1c2b0d1a23367b161c2d995029f9693bd8a155
Found in base branch: master
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
Publish Date: 2021-01-11
URL: CVE-2020-25659
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://github.com/pyca/cryptography/security/advisories/GHSA-hggm-jpg3-v476
Release Date: 2021-01-11
Fix Resolution: 3.2
Step up your Open Source Security Game with Mend here