Package | Installed | Affected | Info |
---|---|---|---|
BigchainDB | 1.3.0 | <2.2.2 |
show Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix. |
BigchainDB | 1.3.0 | <2.2.2 |
show Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix. |
bigchaindb-driver | 0.4.1 | <0.5.2 |
show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. |
Package | Installed | Affected | Info |
---|---|---|---|
BigchainDB | 1.3.0 | <2.2.2 |
show Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix. |
BigchainDB | 1.3.0 | <2.2.2 |
show Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix. |
bigchaindb-driver | 0.4.1 | <0.5.2 |
show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. |
Package | Installed | Affected | Info |
---|---|---|---|
BigchainDB | 1.3.0 | <2.2.2 |
show Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix. |
BigchainDB | 1.3.0 | <2.2.2 |
show Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix. |
bigchaindb-driver | 0.4.1 | <0.5.2 |
show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. |
Package | Installed | Affected | Info |
---|---|---|---|
BigchainDB | 1.3.0 | <2.2.2 |
show Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix. |
BigchainDB | 1.3.0 | <2.2.2 |
show Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix. |
bigchaindb-driver | 0.4.1 | <0.5.2 |
show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. |
Package | Installed | Affected | Info |
---|---|---|---|
BigchainDB | 1.3.0 | <2.2.2 |
show Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix. |
BigchainDB | 1.3.0 | <2.2.2 |
show Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix. |
bigchaindb-driver | 0.4.1 | <0.5.2 |
show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. |
Package | Installed | Affected | Info |
---|---|---|---|
bigchaindb-driver | 0.4.1 | <0.5.2 |
show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. |
Package | Installed | Affected | Info |
---|---|---|---|
bigchaindb-driver | 0.4.1 | <0.5.2 |
show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. |
Package | Installed | Affected | Info |
---|---|---|---|
bigchaindb-driver | 0.4.1 | <0.5.2 |
show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. |
Package | Installed | Affected | Info |
---|---|---|---|
bigchaindb-driver | 0.4.1 | <0.5.2 |
show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. |
Package | Installed | Affected | Info |
---|---|---|---|
bigchaindb-driver | 0.4.1 | <0.5.2 |
show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. |
Package | Installed | Affected | Info |
---|---|---|---|
bigchaindb-driver | 0.4.1 | <0.5.2 |
show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. |
Package | Installed | Affected | Info |
---|---|---|---|
bigchaindb-driver | 0.4.1 | <0.5.2 |
show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. |
https://pyup.io/repos/github/DLR-SC/prov2bigchaindb/python-3-shield.svg
[![Python 3](https://pyup.io/repos/github/DLR-SC/prov2bigchaindb/python-3-shield.svg)](https://pyup.io/repos/github/DLR-SC/prov2bigchaindb/)
.. image:: https://pyup.io/repos/github/DLR-SC/prov2bigchaindb/python-3-shield.svg :target: https://pyup.io/repos/github/DLR-SC/prov2bigchaindb/ :alt: Python 3
<a href="https://pyup.io/repos/github/DLR-SC/prov2bigchaindb/"><img src="https://pyup.io/repos/github/DLR-SC/prov2bigchaindb/shield.svg" alt="Python 3" /></a>
!https://pyup.io/repos/github/DLR-SC/prov2bigchaindb/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/DLR-SC/prov2bigchaindb/
{<img src="https://pyup.io/repos/github/DLR-SC/prov2bigchaindb/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/DLR-SC/prov2bigchaindb/]
https://pyup.io/repos/github/DLR-SC/prov2bigchaindb/shield.svg
[![Updates](https://pyup.io/repos/github/DLR-SC/prov2bigchaindb/shield.svg)](https://pyup.io/repos/github/DLR-SC/prov2bigchaindb/)
.. image:: https://pyup.io/repos/github/DLR-SC/prov2bigchaindb/shield.svg :target: https://pyup.io/repos/github/DLR-SC/prov2bigchaindb/ :alt: Updates
<a href="https://pyup.io/repos/github/DLR-SC/prov2bigchaindb/"><img src="https://pyup.io/repos/github/DLR-SC/prov2bigchaindb/shield.svg" alt="Updates" /></a>
!https://pyup.io/repos/github/DLR-SC/prov2bigchaindb/shield.svg(Updates)!:https://pyup.io/repos/github/DLR-SC/prov2bigchaindb/
{<img src="https://pyup.io/repos/github/DLR-SC/prov2bigchaindb/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/DLR-SC/prov2bigchaindb/]