Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-q4su-44km-2kd3
Summary
openssl-encrypt: Dynamic .so loading for Whirlpool uses broad glob pattern without integrity verification
## Severity: HIGH

### Summary

The Whirlpool hash implementation in `openssl_encrypt/modules/registry/hash_registry.py` at **lines 570-589** uses glob patterns to find `.so` modules in site-packages and loads the first match via `importlib` without verifying module integrity.

### Affected Code

```python
for site_pkg in site.getsitepackages():
    pattern = os.path.join(site_pkg, "whirlpool*py313*.so")
    py313_modules = glob.glob(pattern)
    if py313_modules:
        module_path = py313_modules[0]  # Takes first match
        loader = ExtensionFileLoader("whirlpool", module_path)
        spec = importlib.util.spec_from_file_location("whirlpool", module_path, loader=loader)
        whirlpool_module = importlib.util.module_from_spec(spec)
        spec.loader.exec_module(whirlpool_module)
```

### Impact

The glob pattern `"whirlpool*py313*.so"` is broad and takes the first match without verifying:
- File hash/signature
- File ownership/permissions
- Whether it's a legitimate module

If an attacker can place a malicious `.so` file matching this pattern in any site-packages directory, it will be loaded and native code executed.

### Recommended Fix

- Verify the module's integrity (hash or signature) before loading
- Use a specific filename rather than a glob pattern
- Check file permissions and ownership

### Fix

Fixed in commit `963d0d1` on branch `releases/1.4.x` — added os.path.realpath() to resolve symlinks and validation that found .so files are within known site-packages directories before loading.
Aliases
0
alias GHSA-j48q-4c78-rhf9
Fixed_packages
0
url pkg:pypi/openssl-encrypt@1.4.0
purl pkg:pypi/openssl-encrypt@1.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@1.4.0
Affected_packages
0
url pkg:pypi/openssl-encrypt@0.2.2
purl pkg:pypi/openssl-encrypt@0.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.2.2
1
url pkg:pypi/openssl-encrypt@0.2.3
purl pkg:pypi/openssl-encrypt@0.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.2.3
2
url pkg:pypi/openssl-encrypt@0.2.4
purl pkg:pypi/openssl-encrypt@0.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.2.4
3
url pkg:pypi/openssl-encrypt@0.2.5
purl pkg:pypi/openssl-encrypt@0.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.2.5
4
url pkg:pypi/openssl-encrypt@0.2.6
purl pkg:pypi/openssl-encrypt@0.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.2.6
5
url pkg:pypi/openssl-encrypt@0.3.0
purl pkg:pypi/openssl-encrypt@0.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.3.0
6
url pkg:pypi/openssl-encrypt@0.3.1
purl pkg:pypi/openssl-encrypt@0.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.3.1
7
url pkg:pypi/openssl-encrypt@0.3.2
purl pkg:pypi/openssl-encrypt@0.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.3.2
8
url pkg:pypi/openssl-encrypt@0.3.3
purl pkg:pypi/openssl-encrypt@0.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.3.3
9
url pkg:pypi/openssl-encrypt@0.4.0
purl pkg:pypi/openssl-encrypt@0.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.4.0
10
url pkg:pypi/openssl-encrypt@0.4.1
purl pkg:pypi/openssl-encrypt@0.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.4.1
11
url pkg:pypi/openssl-encrypt@0.4.2
purl pkg:pypi/openssl-encrypt@0.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.4.2
12
url pkg:pypi/openssl-encrypt@0.4.3
purl pkg:pypi/openssl-encrypt@0.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.4.3
13
url pkg:pypi/openssl-encrypt@0.4.4
purl pkg:pypi/openssl-encrypt@0.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.4.4
14
url pkg:pypi/openssl-encrypt@0.5.0
purl pkg:pypi/openssl-encrypt@0.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.5.0
15
url pkg:pypi/openssl-encrypt@0.5.1
purl pkg:pypi/openssl-encrypt@0.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.5.1
16
url pkg:pypi/openssl-encrypt@0.5.3
purl pkg:pypi/openssl-encrypt@0.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.5.3
17
url pkg:pypi/openssl-encrypt@0.6.0rc1
purl pkg:pypi/openssl-encrypt@0.6.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.6.0rc1
18
url pkg:pypi/openssl-encrypt@0.7.0rc2
purl pkg:pypi/openssl-encrypt@0.7.0rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.7.0rc2
19
url pkg:pypi/openssl-encrypt@0.7.1
purl pkg:pypi/openssl-encrypt@0.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.7.1
20
url pkg:pypi/openssl-encrypt@0.7.2
purl pkg:pypi/openssl-encrypt@0.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.7.2
21
url pkg:pypi/openssl-encrypt@0.8.0
purl pkg:pypi/openssl-encrypt@0.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.8.0
22
url pkg:pypi/openssl-encrypt@0.8.1
purl pkg:pypi/openssl-encrypt@0.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.8.1
23
url pkg:pypi/openssl-encrypt@0.8.2
purl pkg:pypi/openssl-encrypt@0.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.8.2
24
url pkg:pypi/openssl-encrypt@0.9.2
purl pkg:pypi/openssl-encrypt@0.9.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@0.9.2
25
url pkg:pypi/openssl-encrypt@1.0.0
purl pkg:pypi/openssl-encrypt@1.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@1.0.0
26
url pkg:pypi/openssl-encrypt@1.0.1
purl pkg:pypi/openssl-encrypt@1.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@1.0.1
27
url pkg:pypi/openssl-encrypt@1.0.2
purl pkg:pypi/openssl-encrypt@1.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@1.0.2
28
url pkg:pypi/openssl-encrypt@1.0.3
purl pkg:pypi/openssl-encrypt@1.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@1.0.3
29
url pkg:pypi/openssl-encrypt@1.1.0
purl pkg:pypi/openssl-encrypt@1.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@1.1.0
30
url pkg:pypi/openssl-encrypt@1.2.0
purl pkg:pypi/openssl-encrypt@1.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@1.2.0
31
url pkg:pypi/openssl-encrypt@1.2.1
purl pkg:pypi/openssl-encrypt@1.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@1.2.1
32
url pkg:pypi/openssl-encrypt@1.3.0
purl pkg:pypi/openssl-encrypt@1.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@1.3.0
33
url pkg:pypi/openssl-encrypt@1.3.1
purl pkg:pypi/openssl-encrypt@1.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@1.3.1
34
url pkg:pypi/openssl-encrypt@1.3.2
purl pkg:pypi/openssl-encrypt@1.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@1.3.2
35
url pkg:pypi/openssl-encrypt@1.3.3
purl pkg:pypi/openssl-encrypt@1.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@1.3.3
36
url pkg:pypi/openssl-encrypt@1.3.4
purl pkg:pypi/openssl-encrypt@1.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@1.3.4
37
url pkg:pypi/openssl-encrypt@1.3.5
purl pkg:pypi/openssl-encrypt@1.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@1.3.5
38
url pkg:pypi/openssl-encrypt@1.4.0b3
purl pkg:pypi/openssl-encrypt@1.4.0b3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@1.4.0b3
39
url pkg:pypi/openssl-encrypt@1.4.0b4
purl pkg:pypi/openssl-encrypt@1.4.0b4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@1.4.0b4
40
url pkg:pypi/openssl-encrypt@1.4.0b5
purl pkg:pypi/openssl-encrypt@1.4.0b5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@1.4.0b5
41
url pkg:pypi/openssl-encrypt@1.4.0b6
purl pkg:pypi/openssl-encrypt@1.4.0b6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@1.4.0b6
42
url pkg:pypi/openssl-encrypt@1.4.0b7
purl pkg:pypi/openssl-encrypt@1.4.0b7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@1.4.0b7
43
url pkg:pypi/openssl-encrypt@1.4.0b8
purl pkg:pypi/openssl-encrypt@1.4.0b8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49v2-86kz-qkb4
1
vulnerability VCID-fp3d-fdpw-b7fv
2
vulnerability VCID-hh64-e3aw-jygv
3
vulnerability VCID-krcv-bv35-j7a2
4
vulnerability VCID-mukh-f59a-6kcn
5
vulnerability VCID-mykn-1fe2-37aw
6
vulnerability VCID-ndb9-z5kj-bfe7
7
vulnerability VCID-pecd-p43f-yyaj
8
vulnerability VCID-q4su-44km-2kd3
9
vulnerability VCID-t8sy-wuvy-juff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/openssl-encrypt@1.4.0b8
References
0
reference_url https://github.com/jahlives/openssl_encrypt
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jahlives/openssl_encrypt
1
reference_url https://github.com/jahlives/openssl_encrypt/commit/963d0d1278b722ea134272f9df65fddcd3e6ab47
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jahlives/openssl_encrypt/commit/963d0d1278b722ea134272f9df65fddcd3e6ab47
2
reference_url https://github.com/jahlives/openssl_encrypt/security/advisories/GHSA-j48q-4c78-rhf9
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jahlives/openssl_encrypt/security/advisories/GHSA-j48q-4c78-rhf9
3
reference_url https://github.com/advisories/GHSA-j48q-4c78-rhf9
reference_id GHSA-j48q-4c78-rhf9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j48q-4c78-rhf9
Weaknesses
0
cwe_id 427
name Uncontrolled Search Path Element
description The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-q4su-44km-2kd3