WS-2012-0012 Medium Severity Vulnerability detected by WhiteSource #6

mend-bolt-for-github · 2019-03-25T06:47:18Z

WS-2012-0012 - Medium Severity Vulnerability

Vulnerable Library - rsa-3.4-py2.py3-none-any.whl

Pure-Python RSA implementation

path: /example-python/requirements.txt

Library home page: https://pypi.python.org/packages/8b/f9/a2c046fa71af812e8ca870aa2d3171d34f8475984116b6c919d601c4cf08/rsa-3.4-py2.py3-none-any.whl

Dependency Hierarchy:

❌ rsa-3.4-py2.py3-none-any.whl (Vulnerable Library)

Vulnerability Details

There is a security vulnerability in python-rsa through version 3.4. Depending on the way decrypt_bigfile() is called, it may be possible to do a Bleichenbacher attack.

Publish Date: 2018-03-18

URL: WS-2012-0012

CVSS 2 Score Details (6.6)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: sybrenstuvel/python-rsa@1681a0b#diff-665ffb7d19093ce3b903440e23eb6e98

Release Date: 2016-01-22

Fix Resolution: Replace or update the following files: varblock.py, bigfile.py, usage.rst, reference.rst

Step up your Open Source Security Game with WhiteSource here

The text was updated successfully, but these errors were encountered:

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Mar 25, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2012-0012 Medium Severity Vulnerability detected by WhiteSource #6

WS-2012-0012 Medium Severity Vulnerability detected by WhiteSource #6

mend-bolt-for-github bot commented Mar 25, 2019

WS-2012-0012 Medium Severity Vulnerability detected by WhiteSource #6

WS-2012-0012 Medium Severity Vulnerability detected by WhiteSource #6

Comments

mend-bolt-for-github bot commented Mar 25, 2019

WS-2012-0012 - Medium Severity Vulnerability