CVE-2023-48051: Weak Encryption
First published: Mon Nov 20 2023(Updated: )
An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pip/upydev | <=0.4.3 | |
| Chama Cargo | =0.4.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue in upydev v0.4.3?
The vulnerability ID for this issue in upydev v0.4.3 is CVE-2023-48051.
What is the severity of CVE-2023-48051?
The severity of CVE-2023-48051 is high with a CVSS score of 7.5.
How can attackers exploit CVE-2023-48051?
Attackers can exploit CVE-2023-48051 by decrypting sensitive information through weak encryption padding.
Which software versions are affected by CVE-2023-48051?
The vulnerable version affected by CVE-2023-48051 is upydev v0.4.3.
How do I fix CVE-2023-48051 in upydev v0.4.3?
To fix CVE-2023-48051 in upydev v0.4.3, it is recommended to update to a patched version provided by Carglglz or pip.
- agent/author
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/event
- agent/description
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-qc4j-hrj6-cppf
- alias/CVE-2023-48051
- agent/software-canonical-lookup
- agent/references
- agent/last-modified-date
- collector/github-advisory
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-api
- package-manager/pip
- vendor/carglglz
- canonical/chama cargo
- version/chama cargo/0.4.3