5 matches found
aiq-platform-api (>=1.0.17 <=1.0.53), archive-to-images (=1.0.0) +22 more potentially affected by CVE-2026-44722 via pyzipper (>=0.3.5 <=0.3.6)
pyzipper PYPI version =0.3.5, =1.0.17, =0.1.5, =1.0.0, =0.0.1, =0.1.4, =1.2.1, =0.0.1, =1.0.1, =0.0.1, =0.0.1, =0.0.7 and more Source cves: CVE-2026-44722 Source advisory: OSV:GHSA-CRQM-M339-7M2P...
GHSA-CRQM-M339-7M2P pyzipper has an encryption bypass for small files encrypted using it
Impact A Python operator precedence bug in pyzipper/zipfileaes.py caused the AE-2 format to never be automatically selected during encryption, regardless of file size or compression type. As a result, all encrypted entries are written in AE-1 format unless AE-2 is explicitly forced by the caller...
pyzipper has an encryption bypass for small files encrypted using it
Impact A Python operator precedence bug in pyzipper/zipfileaes.py caused the AE-2 format to never be automatically selected during encryption, regardless of file size or compression type. As a result, all encrypted entries are written in AE-1 format unless AE-2 is explicitly forced by the caller...
PT-2026-41139
Impact A Python operator precedence bug in pyzipper/zipfile aes.py caused the AE-2 format to never be automatically selected during encryption, regardless of file size or compression type. As a result, all encrypted entries are written in AE-1 format unless AE-2 is explicitly forced by the caller...
pyzipper
No d...