{"id":"CVE-2023-48056","details":"PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.","aliases":["GHSA-fxff-wxxv-c2jc","PYSEC-2023-245"],"modified":"2026-03-15T22:47:38.634779Z","published":"2023-11-16T18:15:07.440Z","references":[{"type":"WEB","url":"http://bandoche.com"},{"type":"WEB","url":"http://pypinksign.com"},{"type":"ADVISORY","url":"https://gxx777.github.io/PyPinkSign_v0.5.1_Cryptographic_API_Misuse_Vulnerability.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bandoche/pypinksign","events":[{"introduced":"0"},{"last_affected":"8287691045fd3c0889bddd83964c5c743b4bc277"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.5.1"}]}}],"versions":["0.2","0.2.1","0.2.2","v0.3","v0.4","v0.4.2","v0.4.3","v0.4.4","v0.4.5","v0.5.0","v0.5.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-48056.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}