3 matches found
hometaxbot (>=0.1.1 <=0.2.2) potentially affected by CVE-2023-48056 via pypinksign (=0.5.1)
pypinksign PYPI version =0.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on pypinksign and may be impacted: - hometaxbot =0.1.1, =0.2.2 Source cves: CVE-2023-48056 Source advisory: OSV:GHSA-FXFF-WXXV-C2JC...
CVE-2023-48056
PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining CBC mode in AES encryption. This vulnerability can lead to the disclosure of information and communications...
CVE-2023-48056
PyPinkSign v0.5.1 uses a non-random or static IV for CBC mode in AES, which can lead to disclosure of information. CVE-2023-48056 is documented across multiple sources (NVD/Red Hat/GHSA/OSV) with consistent description; no explicit remediation version is provided in the connected documents. Explo...