0.002 Low
EPSS
Percentile
55.1%
The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack.
github.com/Gurpartap/aescrypt
github.com/Gurpartap/aescrypt/issues/4
github.com/rubysec/ruby-advisory-db/blob/master/gems/aescrypt/CVE-2013-7463.yml
nvd.nist.gov/vuln/detail/CVE-2013-7463
web.archive.org/web/20200227173428/www.securityfocus.com/bid/98035