{"id":"GHSA-qc4j-hrj6-cppf","summary":"upydev has weak encryption padding","details":"An issue in `/upydev/keygen.py` in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding.","aliases":["CVE-2023-48051","PYSEC-2023-302"],"modified":"2024-11-25T22:42:10.676883Z","published":"2023-11-21T00:30:27Z","database_specific":{"nvd_published_at":"2023-11-20T23:15:06Z","github_reviewed_at":"2023-11-29T21:45:39Z","cwe_ids":["CWE-326"],"github_reviewed":true,"severity":"HIGH"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48051"},{"type":"WEB","url":"https://github.com/Carglglz/upydev/issues/38"},{"type":"PACKAGE","url":"https://github.com/Carglglz/upydev"},{"type":"WEB","url":"https://github.com/pypa/advisory-database/tree/main/vulns/upydev/PYSEC-2023-302.yaml"}],"affected":[{"package":{"name":"upydev","ecosystem":"PyPI","purl":"pkg:pypi/upydev"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"0.4.3"}]}],"versions":["0.0.1","0.0.2","0.0.3","0.0.4","0.0.5","0.0.6","0.0.7","0.0.8","0.0.9","0.1.0","0.1.1","0.1.2","0.1.3","0.1.4","0.1.5","0.1.6","0.1.7","0.1.8","0.1.9","0.2.0","0.2.1","0.2.2","0.2.3","0.2.4","0.2.5","0.2.6","0.2.7","0.2.8","0.2.9","0.3.0","0.3.1","0.3.2","0.3.3","0.3.4","0.3.5","0.3.6","0.3.7","0.3.8","0.3.9","0.4.0","0.4.1","0.4.2","0.4.3"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-qc4j-hrj6-cppf/GHSA-qc4j-hrj6-cppf.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}