Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/cryptography@1.1
Type pypi
Namespace
Name cryptography
Version 1.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 46.0.7
Latest_non_vulnerable_version 46.0.7
Affected_by_vulnerabilities
0
url VCID-8kj7-du9v-uugw
vulnerability_id VCID-8kj7-du9v-uugw
summary HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
references
0
reference_url https://cryptography.io/en/latest/changelog
reference_id
reference_type
scores
url https://cryptography.io/en/latest/changelog
1
reference_url https://github.com/advisories/GHSA-q3cj-2r34-2cwc
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-q3cj-2r34-2cwc
2
reference_url https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
reference_id
reference_type
scores
url https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
3
reference_url https://github.com/pyca/cryptography/issues/3211
reference_id
reference_type
scores
url https://github.com/pyca/cryptography/issues/3211
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT/
7
reference_url http://www.openwall.com/lists/oss-security/2016/11/09/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2016/11/09/2
8
reference_url http://www.securityfocus.com/bid/94216
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/94216
9
reference_url http://www.ubuntu.com/usn/USN-3138-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-3138-1
fixed_packages
0
url pkg:pypi/cryptography@1.5.3
purl pkg:pypi/cryptography@1.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jksg-v3x3-z3d3
1
vulnerability VCID-v56n-dpyv-rug7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@1.5.3
aliases CVE-2016-9243, GHSA-q3cj-2r34-2cwc, PYSEC-2017-8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8kj7-du9v-uugw
1
url VCID-jksg-v3x3-z3d3
vulnerability_id VCID-jksg-v3x3-z3d3
summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6.
references
0
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43
fixed_packages
0
url pkg:pypi/cryptography@46.0.6
purl pkg:pypi/cryptography@46.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-z9ad-ts2t-1bdj
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.6
aliases CVE-2026-34073, GHSA-m959-cc7f-wv43, PYSEC-2026-35
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jksg-v3x3-z3d3
2
url VCID-v56n-dpyv-rug7
vulnerability_id VCID-v56n-dpyv-rug7
summary python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
references
0
reference_url https://github.com/advisories/GHSA-hggm-jpg3-v476
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-hggm-jpg3-v476
1
reference_url https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b
reference_id
reference_type
scores
url https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b
fixed_packages
0
url pkg:pypi/cryptography@3.2.1
purl pkg:pypi/cryptography@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jksg-v3x3-z3d3
1
vulnerability VCID-n7hx-bfnn-5kgc
2
vulnerability VCID-ra23-bf9w-2ugf
3
vulnerability VCID-u2xn-x2tc-jbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@3.2.1
aliases CVE-2020-25659, GHSA-hggm-jpg3-v476, PYSEC-2021-62
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v56n-dpyv-rug7
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@1.1