43 matches found
CVE-2026-9370
A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...
Use of a One-Way Hash with a Predictable Salt
Overview Affected versions of this package are vulnerable to Use of a One-Way Hash with a Predictable Salt in the getSecretKeySaltGenerator function of the Password Hash Handler component. An attacker can compromise the confidentiality of hashed secrets by exploiting the use of a predictable salt...
EUVD-2026-31584
A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...
CVE-2026-9370 ulisesbocchio jasypt-spring-boot Password Hash SimpleGCMConfig.java getSecretKeySaltGenerator hash predictable salt
A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...
CVE-2026-9370
CVE-2026-9370 affects ulisesbocchio jasypt-spring-boot up to versions 3.0.5/4.0.4. The vulnerability is in getSecretKeySaltGenerator within SimpleGCMConfig.java of the Password Hash Handler. The underlying issue is a manipulation that leads to the use of a one-way hash with a predictable salt. Th...
PT-2026-42931
A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...
jasypt-spring-boot security vulnerability
jasypt-spring-boot is an integration tool by Ulises Bocchio, an individual developer, that provides property encryption support for Spring Boot applications. A security vulnerability exists in jasypt-spring-boot versions 3.0.5 and earlier and versions 4.0.4 and earlier. Thes...
EUVD-2022-5095
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2014-9970
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jasypt before 1.9.2 allows a timing attack against the password hash comparison. CVE-2014-9970 Note that Nessus relies on the presence of the package as reporte...
au.net.causal.projo:projo (>=1.0 <=1.1), au.net.causal.projo:projo-jodatime (>=1.0 <=1.1) +1208 more potentially affected by CVE-2014-9970 via org.jasypt:jasypt (>=1.0 <=1.9.1)
org.jasypt:jasypt MAVEN version =1.0, =1.0, =1.0, =1.0, =1.0, =0.1, =0.1, =4.4-4, =6.0-2, =4.4-19, =4.4-5, =4.4-4, =4.4-4, =4.4-4, =4.4-4, =4.4-4, =4.5.1-rc-8 and more Source cves: CVE-2014-9970 Source advisory: OSV:GHSA-R5C2-RXH2-F5H2...
GHSA-R5C2-RXH2-F5H2 Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt
jasypt before 1.9.2 allows a timing attack against the password hash comparison...
CVE-2014-9970
A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison...
Timing Attack
jasypt is vulnerable to timing attacks. The attacks are possible because it uses Arrays.equals to verify passwords with different lengths, thereby revealing the time taken to compare the passwords...
jasypt: Vulnerable to timing attack against the password hash comparison
A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison...