Closed findneo closed 4 years ago
Confirmed. We're analyzing feasibility of a backward-compatible patch and will follow up with release schedule shortly.
Resolved by #53.
Hi,
When is the fixed version planned to be released? and is there a plan to backport this patch to 1.1.x version?
Thanks, Manjunath
I'm hoping for a release in the next week. Have you done any testing with the latest snapshot?
1.2.4 has been released.
Actual source code reference seems to be https://github.com/vt-middleware/cryptacular/blob/fafccd07ab1214e3588a35afe3c361519129605f/src/main/java/org/cryptacular/CiphertextHeader.java#L153
Actual source code reference seems to be
right . and here https://github.com/vt-middleware/cryptacular/blob/fafccd07ab1214e3588a35afe3c361519129605f/src/main/java/org/cryptacular/CiphertextHeader.java#L165
Please confirm if it is vulnerable. Mitre id: CVE-2020-7226 Reporter: findneo