Open mend-bolt-for-github[bot] opened 3 years ago
Pure-Python RSA implementation
Library home page: https://files.pythonhosted.org/packages/02/e5/38518af393f7c214357079ce67a317307936896e961e35450b70fad2a9cf/rsa-4.0-py2.py3-none-any.whl
Dependency Hierarchy: - :x: **rsa-4.0-py2.py3-none-any.whl** (Vulnerable Library)
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.
Publish Date: 2020-11-12
URL: CVE-2020-25658
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-xrx6-fmxq-rjj2
Release Date: 2020-11-12
Fix Resolution: rsa - 4.7
Step up your Open Source Security Game with WhiteSource here
CVE-2020-25658 - Medium Severity Vulnerability
Vulnerable Library - rsa-4.0-py2.py3-none-any.whl
Pure-Python RSA implementation
Library home page: https://files.pythonhosted.org/packages/02/e5/38518af393f7c214357079ce67a317307936896e961e35450b70fad2a9cf/rsa-4.0-py2.py3-none-any.whl
Dependency Hierarchy: - :x: **rsa-4.0-py2.py3-none-any.whl** (Vulnerable Library)
Vulnerability Details
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.
Publish Date: 2020-11-12
URL: CVE-2020-25658
CVSS 3 Score Details (5.9)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-xrx6-fmxq-rjj2
Release Date: 2020-11-12
Fix Resolution: rsa - 4.7
Step up your Open Source Security Game with WhiteSource here