{"id":"PYSEC-2022-42997","details":"Passeo is an open source python password generator. Versions prior to 1.0.5 rely on the python `random` library for random value selection. The python `random` library warns that it should not be used for security purposes due to its reliance on a non-cryptographically secure random number generator. As a result a motivated attacker may be able to guess generated passwords. This issue has been addressed in version 1.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.","aliases":["CVE-2022-23472","GHSA-mhhf-vgwh-fw9h"],"modified":"2023-11-08T04:08:18.746581Z","published":"2022-12-06T18:15:00Z","references":[{"type":"ADVISORY","url":"https://github.com/ArjunSharda/Passeo/security/advisories/GHSA-mhhf-vgwh-fw9h"},{"type":"FIX","url":"https://github.com/ArjunSharda/Passeo/commit/8caa798b6bc4647dca59b2376204b6dc6176361a"},{"type":"WEB","url":"https://peps.python.org/pep-0506/"}],"affected":[{"package":{"name":"passeo","ecosystem":"PyPI","purl":"pkg:pypi/passeo"},"ranges":[{"type":"GIT","repo":"https://github.com/ArjunSharda/Passeo","events":[{"introduced":"0"},{"fixed":"8caa798b6bc4647dca59b2376204b6dc6176361a"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.5"}]}],"versions":["1.0.0","1.0.1","1.0.2","1.0.3","1.0.4"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/passeo/PYSEC-2022-42997.yaml"}}],"schema_version":"1.7.3"}