Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/cryptography@3.0
Type pypi
Namespace
Name cryptography
Version 3.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 46.0.7
Latest_non_vulnerable_version 46.0.7
Affected_by_vulnerabilities
0
url VCID-jksg-v3x3-z3d3
vulnerability_id VCID-jksg-v3x3-z3d3
summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6.
references
0
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43
fixed_packages
0
url pkg:pypi/cryptography@46.0.6
purl pkg:pypi/cryptography@46.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-z9ad-ts2t-1bdj
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.6
aliases CVE-2026-34073, GHSA-m959-cc7f-wv43, PYSEC-2026-35
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jksg-v3x3-z3d3
1
url VCID-u2xn-x2tc-jbd6
vulnerability_id VCID-u2xn-x2tc-jbd6
summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.
references
0
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
url https://github.com/pyca/cryptography
1
reference_url https://github.com/pyca/cryptography/commit/d6951dca25de45abd52da51b608055371fbcde4e
reference_id
reference_type
scores
url https://github.com/pyca/cryptography/commit/d6951dca25de45abd52da51b608055371fbcde4e
2
reference_url https://github.com/pyca/cryptography/pull/8230
reference_id
reference_type
scores
url https://github.com/pyca/cryptography/pull/8230
3
reference_url https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3
reference_id
reference_type
scores
url https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3
4
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r
reference_id
reference_type
scores
url https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-11.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-11.yaml
6
reference_url https://lists.debian.org/debian-lts-announce/2024/10/msg00012.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2024/10/msg00012.html
7
reference_url https://security.netapp.com/advisory/ntap-20230324-0007
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230324-0007
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-23931
reference_id CVE-2023-23931
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-23931
9
reference_url https://github.com/advisories/GHSA-w7pp-m8wf-vj6r
reference_id GHSA-w7pp-m8wf-vj6r
reference_type
scores
url https://github.com/advisories/GHSA-w7pp-m8wf-vj6r
fixed_packages
0
url pkg:pypi/cryptography@39.0.1
purl pkg:pypi/cryptography@39.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dzvc-j4et-ukgu
1
vulnerability VCID-jksg-v3x3-z3d3
2
vulnerability VCID-n7hx-bfnn-5kgc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@39.0.1
aliases CVE-2023-23931, GHSA-w7pp-m8wf-vj6r, PYSEC-2023-11
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u2xn-x2tc-jbd6
2
url VCID-v56n-dpyv-rug7
vulnerability_id VCID-v56n-dpyv-rug7
summary python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
references
0
reference_url https://github.com/advisories/GHSA-hggm-jpg3-v476
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-hggm-jpg3-v476
1
reference_url https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b
reference_id
reference_type
scores
url https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b
fixed_packages
0
url pkg:pypi/cryptography@3.2.1
purl pkg:pypi/cryptography@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jksg-v3x3-z3d3
1
vulnerability VCID-n7hx-bfnn-5kgc
2
vulnerability VCID-ra23-bf9w-2ugf
3
vulnerability VCID-u2xn-x2tc-jbd6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@3.2.1
aliases CVE-2020-25659, GHSA-hggm-jpg3-v476, PYSEC-2021-62
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v56n-dpyv-rug7
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@3.0