census-instrumentation / opencensus-python

A stats collection and distributed tracing framework
Apache License 2.0
668 stars 249 forks

Security Vulnerability with python-rsa version 4.5 #1042

Open Josh-Weaver opened 3 years ago

Josh-Weaver commented 3 years ago

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

Please, if possible, upgrade to python-rsa version 4.7, as this is getting flagged in some security checks.

aabmass commented 3 years ago

Which package were you using that had the rsa dependency? Could you share your pip freeze output?

tripathi-gaurav commented 1 year ago

@aabmass It is here: https://github.com/census-instrumentation/opencensus-python/blob/0afdcc94021f83a7bdda443530638a2764f2cd30/contrib/opencensus-ext-stackdriver/setup.py#L42
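
One way to answer the question of which package brings in `rsa`, as an added example that is not part of the thread or of opencensus-python: it parses `pip freeze` output, compares the pinned `rsa` version with the 4.7 release requested in the issue, and walks package metadata upward to list every dependency chain that ends at `rsa`. The package names in the sample data are constructed, and all function names are this example's own.

```python
import re
from importlib import metadata

FIXED = (4, 7)  # release the issue asks for (from the thread)

def norm(name):
    return re.sub(r"[-_.]+", "-", name).lower()  # PEP 503 normalisation

def req_name(req):
    # "rsa (<5,>=3.1.4) ; python_version >= '3.6'" -> "rsa"
    return norm(re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", req).group(1))

def version_tuple(v):
    # numeric release segment only, so "4.7rc1" compares as (4, 7)
    return tuple(int(p) for p in re.match(r"\d+(?:\.\d+)*", v).group(0).split("."))

def parse_freeze(text):
    # keeps "name==version" pins from `pip freeze`; editable/URL lines are skipped
    pin = r"^[ \t]*([A-Za-z0-9][A-Za-z0-9._-]*)==(\S+)"
    return {norm(n): v for n, v in re.findall(pin, text, re.M)}

def installed_requirements():
    return {norm(d.metadata.get("Name")): d.requires or []
            for d in metadata.distributions() if d.metadata.get("Name")}

def chains_to(target, requires):
    # every dependency path ending at `target`, top-level package first
    parents = {}
    for pkg, reqs in requires.items():
        for r in reqs:
            if not re.search(r";.*\bextra\b", r):  # ignore optional extras
                parents.setdefault(req_name(r), set()).add(norm(pkg))
    chains, stack = [], [[norm(target)]]
    while stack:
        path = stack.pop()
        ups = sorted(parents.get(path[0], set()) - set(path))  # skip cycles
        if not ups:
            chains.append(path)
        stack.extend([u] + path for u in ups)
    return sorted(chains)

def audit(freeze_text, requires):
    ver = parse_freeze(freeze_text).get("rsa")
    return {"installed": ver, "below_fixed": bool(ver) and version_tuple(ver) < FIXED,
            "chains": chains_to("rsa", requires) if ver else []}

# Constructed sample data (hypothetical package names, not from the thread)
SAMPLE_FREEZE = "example-app==1.0\nexample-auth-lib==2.3\nrsa==4.5\n"
SAMPLE_REQUIRES = {"example-app": ["example-auth-lib>=2"], "rsa": ["pyasn1>=0.1.3"],
                   "example-auth-lib": ["rsa (<5,>=3.1.4)", "fastmath ; extra == 'speed'"]}
```

For a live environment, pass the text of `pip freeze` and the result of `installed_requirements()` to `audit`.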