CVE-2020-25658 - High Severity Vulnerability
Vulnerable Libraries - rsa-4.5-py2.py3-none-any.whl, rsa-3.4.2.tar.gz
rsa-4.5-py2.py3-none-any.whl
Pure-Python RSA implementation
Library home page: https://files.pythonhosted.org/packages/26/f8/8127fdda0294f044121d20aac7785feb810e159098447967a6103dedfb96/rsa-4.5-py2.py3-none-any.whl
Path to dependency file: /tmp/ws-ua_20220122232947_MZFNWS/archiveExtraction_KXRZMM/PZSZKX/20220122232947/codechung_depth_1/awscli-bundle/awscli-bundle/packages/awscli-1.18.125.tar/awscli-1.18.125
Path to vulnerable library: /awscli-bundle/awscli-bundle/packages/awscli-1.18.125.tar/awscli-1.18.125,/awscli-bundle/packages/awscli-1.18.125.tar/awscli-1.18.125
Dependency Hierarchy:
- :x: **rsa-4.5-py2.py3-none-any.whl** (Vulnerable Library)
rsa-3.4.2.tar.gz
Pure-Python RSA implementation
Library home page: https://files.pythonhosted.org/packages/14/89/adf8b72371e37f3ca69c6cb8ab6319d009c4a24b04a31399e5bd77d9bb57/rsa-3.4.2.tar.gz
Path to vulnerable library: /awscli-bundle/awscli-bundle/packages/rsa-3.4.2.tar.gz,/awscli-bundle/packages/rsa-3.4.2.tar.gz
Dependency Hierarchy:
- :x: **rsa-3.4.2.tar.gz** (Vulnerable Library)
Found in HEAD commit: de1c2b0d1a23367b161c2d995029f9693bd8a155
Found in base branch: master
Vulnerability Details
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.
Publish Date: 2020-11-12
URL: CVE-2020-25658
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-xrx6-fmxq-rjj2
Release Date: 2020-11-12
Fix Resolution: 4.7