GHSA-3ww4-gg4f-jr7f

Source

https://github.com/advisories/GHSA-3ww4-gg4f-jr7f

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-3ww4-gg4f-jr7f/GHSA-3ww4-gg4f-jr7f.json

Aliases

CVE-2023-50782

Published

2024-02-05T21:30:31Z

Modified

2024-02-23T05:16:42.983784Z

Details

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

References

Affected packages

PyPI / cryptography

Package

Name: cryptography

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

42.0.0

Affected versions

0.*

0.1

0.2

0.2.1

0.2.2

0.3

0.4

0.5

0.5.1

0.5.2

0.5.3

0.5.4

0.6

0.6.1

0.7

0.7.1

0.7.2

0.8

0.8.1

0.8.2

0.9

0.9.1

0.9.2

0.9.3

1.*

1.0

1.0.1

1.0.2

1.1

1.1.1

1.1.2

1.2

1.2.1

1.2.2

1.2.3

1.3

1.3.1

1.3.2

1.3.3

1.3.4

1.4

1.5

1.5.1

1.5.2

1.5.3

1.6

1.7

1.7.1

1.7.2

1.8

1.8.1

1.8.2

1.9

2.*

2.0

2.0.1

2.0.2

2.0.3

2.1

2.1.1

2.1.2

2.1.3

2.1.4

2.2

2.2.1

2.2.2

2.3

2.3.1

2.4

2.4.1

2.4.2

2.5

2.6

2.6.1

2.7

2.8

2.9

2.9.1

2.9.2

3.*

3.0

3.1

3.1.1

3.2

3.2.1

3.3

3.3.1

3.3.2

3.4

3.4.1

3.4.2

3.4.3

3.4.4

3.4.5

3.4.6

3.4.7

3.4.8

35.*

35.0.0

36.*

36.0.0

36.0.1

36.0.2

37.*

37.0.0

37.0.1

37.0.2

37.0.3

37.0.4

38.*

38.0.0

38.0.1

38.0.2

38.0.3

38.0.4

39.*

39.0.0

39.0.1

39.0.2

40.*

40.0.0

40.0.1

40.0.2

41.*

41.0.0

41.0.1

41.0.2

41.0.3

41.0.4

41.0.5

41.0.6

41.0.7