RSA 4.0 module has a security issue and is required

opentok / Opentok-Python-SDK

OpenTok Python SDK

https://tokbox.com/developer/sdks/python/

MIT License

73 stars 82 forks source link

RSA 4.0 module has a security issue and is required #204

Closed skadz closed 1 year ago

skadz commented 2 years ago

There is a CVE for the RSA module that is required by this package. Could it be updated to use a version that is not vulnerable (4.7 or higher). Thanks!

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25658

maxkahan commented 1 year ago

Thanks for raising this. I have specified version 4.7 or higher in this PR #210 so it will be in the next release. Will close this when merged.

maxkahan commented 1 year ago

Added into #210