PT-2023-20533 · Pubnub · Pubnub/Swift +7

Name of the Vulnerable Software and Affected Versions: pubnub versions prior to 7.4.0 com.pubnub:pubnub all versions github.com/pubnub/go all versions github.com/pubnub/go/v7 versions prior to 7.2.0 pubnub/pubnub versions prior to 6.1.0 pubnub/c-core versions prior to 4.5.0 com.pubnub:pubnub-kotl...

com.github.camel-labs:camel-pubnub (=0.1.0), io.relayr:android-sdk (>=0.0.1 <=0.0.7) +3 more potentially affected by CVE-2023-26154 via com.pubnub:pubnub (>=3.6.3 <=3.7.4)

com.pubnub:pubnub MAVEN version =3.6.3, =0.0.1, =0.1.1, =0.1.1, =0.1.1, =0.1.4 Source cves: CVE-2023-26154 Source advisory: SNYK:JAVA-COMPUBNUB-6098371...

Insufficient Entropy

Overview Affected versions of this package are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bit...