Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-dzvc-j4et-ukgu

Summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.

Aliases

alias	CVE-2024-26130

alias	GHSA-6vqw-3v5j-54x4

alias	PYSEC-2024-225

Fixed_packages

url pkg:pypi/cryptography@42.0.4

purl pkg:pypi/cryptography@42.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jksg-v3x3-z3d3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.4

Affected_packages

url pkg:pypi/cryptography@38.0.0

purl pkg:pypi/cryptography@38.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-n7hx-bfnn-5kgc

vulnerability	VCID-u2xn-x2tc-jbd6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@38.0.0

url pkg:pypi/cryptography@38.0.1

purl pkg:pypi/cryptography@38.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-n7hx-bfnn-5kgc

vulnerability	VCID-u2xn-x2tc-jbd6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@38.0.1

url pkg:pypi/cryptography@38.0.2

purl pkg:pypi/cryptography@38.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-n7hx-bfnn-5kgc

vulnerability	VCID-u2xn-x2tc-jbd6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@38.0.2

url pkg:pypi/cryptography@38.0.3

purl pkg:pypi/cryptography@38.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-n7hx-bfnn-5kgc

vulnerability	VCID-u2xn-x2tc-jbd6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@38.0.3

url pkg:pypi/cryptography@38.0.4

purl pkg:pypi/cryptography@38.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-n7hx-bfnn-5kgc

vulnerability	VCID-u2xn-x2tc-jbd6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@38.0.4

url pkg:pypi/cryptography@39.0.0

purl pkg:pypi/cryptography@39.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-n7hx-bfnn-5kgc

vulnerability	VCID-u2xn-x2tc-jbd6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@39.0.0

url pkg:pypi/cryptography@39.0.1

purl pkg:pypi/cryptography@39.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-n7hx-bfnn-5kgc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@39.0.1

url pkg:pypi/cryptography@39.0.2

purl pkg:pypi/cryptography@39.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-n7hx-bfnn-5kgc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@39.0.2

url pkg:pypi/cryptography@40.0.0

purl pkg:pypi/cryptography@40.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-67ns-x8ut-cbdc

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-n7hx-bfnn-5kgc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@40.0.0

url pkg:pypi/cryptography@40.0.1

purl pkg:pypi/cryptography@40.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-67ns-x8ut-cbdc

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-n7hx-bfnn-5kgc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@40.0.1

url pkg:pypi/cryptography@40.0.2

purl pkg:pypi/cryptography@40.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-67ns-x8ut-cbdc

vulnerability	VCID-78m5-9977-afbh

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-n7hx-bfnn-5kgc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@40.0.2

url pkg:pypi/cryptography@41.0.0

purl pkg:pypi/cryptography@41.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-67ns-x8ut-cbdc

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-n7hx-bfnn-5kgc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.0

url pkg:pypi/cryptography@41.0.1

purl pkg:pypi/cryptography@41.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-67ns-x8ut-cbdc

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-n7hx-bfnn-5kgc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.1

url pkg:pypi/cryptography@41.0.2

purl pkg:pypi/cryptography@41.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-n7hx-bfnn-5kgc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.2

url pkg:pypi/cryptography@41.0.3

purl pkg:pypi/cryptography@41.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-n7hx-bfnn-5kgc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.3

url pkg:pypi/cryptography@41.0.4

purl pkg:pypi/cryptography@41.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-n7hx-bfnn-5kgc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.4

url pkg:pypi/cryptography@41.0.5

purl pkg:pypi/cryptography@41.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

vulnerability	VCID-n7hx-bfnn-5kgc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.5

url pkg:pypi/cryptography@41.0.6

purl pkg:pypi/cryptography@41.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.6

url pkg:pypi/cryptography@41.0.7

purl pkg:pypi/cryptography@41.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.7

url pkg:pypi/cryptography@42.0.0

purl pkg:pypi/cryptography@42.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.0

url pkg:pypi/cryptography@42.0.1

purl pkg:pypi/cryptography@42.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.1

url pkg:pypi/cryptography@42.0.2

purl pkg:pypi/cryptography@42.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.2

url pkg:pypi/cryptography@42.0.3

purl pkg:pypi/cryptography@42.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dzvc-j4et-ukgu

vulnerability	VCID-jksg-v3x3-z3d3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.3

References

reference_url	https://github.com/pyca/cryptography
reference_id
reference_type
scores
url	https://github.com/pyca/cryptography

reference_url

https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55

reference_url

https://github.com/pyca/cryptography/pull/10423

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://github.com/pyca/cryptography/pull/10423

reference_url

https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2024-225.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2024-225.yaml

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-26130
reference_id	CVE-2024-26130
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-26130

reference_url	https://github.com/advisories/GHSA-6vqw-3v5j-54x4
reference_id	GHSA-6vqw-3v5j-54x4
reference_type
scores
url	https://github.com/advisories/GHSA-6vqw-3v5j-54x4

Weaknesses

cwe_id	476
name	NULL Pointer Dereference
description	A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 7.5 - 7.5

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dzvc-j4et-ukgu

Vulnerability Instance