GHSA-m26p-m559-g5j5

Suggest an improvement
Source
https://github.com/advisories/GHSA-m26p-m559-g5j5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m26p-m559-g5j5/GHSA-m26p-m559-g5j5.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m26p-m559-g5j5
Aliases
  • CVE-2007-6721
Published
2022-05-01T18:45:52Z
Modified
2023-11-08T03:56:49.596672Z
Summary
Legion of the Bouncy Castle Java Cryptography API Bleichenbacher Oracle Vulnerability
Details

The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."

References

Affected packages

Maven / bouncycastle:bcprov-jdk14

Package

Name
bouncycastle:bcprov-jdk14
View open source insights on deps.dev
Purl
pkg:maven/bouncycastle/bcprov-jdk14

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.38

Maven / bouncycastle:bcprov-jdk15

Package

Name
bouncycastle:bcprov-jdk15
View open source insights on deps.dev
Purl
pkg:maven/bouncycastle/bcprov-jdk15

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.38

Maven / bouncycastle:bcprov-jdk16

Package

Name
bouncycastle:bcprov-jdk16
View open source insights on deps.dev
Purl
pkg:maven/bouncycastle/bcprov-jdk16

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.38