Safety CI > DLR-SC/prov2bigchaindb

pyup-pin-networkx-3.6.1

4 months, 2 weeks ago

3d2567d7

Pin networkx to latest version 3.6.1

BigchainDB 1.3.0 and bigchaindb-driver 0.4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.
bigchaindb-driver	0.4.1	<0.5.2	show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

Package

Installed

Affected

Info

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.

bigchaindb-driver

0.4.1

<0.5.2

show

Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

pyup-pin-prov-2.1.1

5 months ago

60af5b58

Pin prov to latest version 2.1.1

BigchainDB 1.3.0 and bigchaindb-driver 0.4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.
bigchaindb-driver	0.4.1	<0.5.2	show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

Package

Installed

Affected

Info

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.

bigchaindb-driver

0.4.1

<0.5.2

show

Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

pyup-pin-networkx-3.6

5 months ago

4ff40b75

Pin networkx to latest version 3.6

BigchainDB 1.3.0 and bigchaindb-driver 0.4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.
bigchaindb-driver	0.4.1	<0.5.2	show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

Package

Installed

Affected

Info

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.

bigchaindb-driver

0.4.1

<0.5.2

show

Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

pyup-pin-prov-2.0.2

10 months, 2 weeks ago

78e7c0b7

Pin prov to latest version 2.0.2

BigchainDB 1.3.0 and bigchaindb-driver 0.4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.
bigchaindb-driver	0.4.1	<0.5.2	show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

Package

Installed

Affected

Info

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.

bigchaindb-driver

0.4.1

<0.5.2

show

Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

pyup-pin-networkx-3.5

10 months, 4 weeks ago

bff6b584

Pin networkx to latest version 3.5

BigchainDB 1.3.0 and bigchaindb-driver 0.4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.
bigchaindb-driver	0.4.1	<0.5.2	show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

Package

Installed

Affected

Info

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.

bigchaindb-driver

0.4.1

<0.5.2

show

Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

pyup-pin-networkx-3.4.2

1 year, 6 months ago

634417d0

Pin networkx to latest version 3.4.2

BigchainDB 1.3.0 and bigchaindb-driver 0.4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.
bigchaindb-driver	0.4.1	<0.5.2	show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

Package

Installed

Affected

Info

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.

bigchaindb-driver

0.4.1

<0.5.2

show

Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

pyup-pin-networkx-3.4.1

1 year, 6 months ago

e8d47fa7

Pin networkx to latest version 3.4.1

BigchainDB 1.3.0 and bigchaindb-driver 0.4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.
bigchaindb-driver	0.4.1	<0.5.2	show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

Package

Installed

Affected

Info

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.

bigchaindb-driver

0.4.1

<0.5.2

show

Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

pyup-pin-networkx-3.4

1 year, 6 months ago

cb132d18

Pin networkx to latest version 3.4

BigchainDB 1.3.0 and bigchaindb-driver 0.4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.
bigchaindb-driver	0.4.1	<0.5.2	show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

Package

Installed

Affected

Info

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.

bigchaindb-driver

0.4.1

<0.5.2

show

Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

pyup-pin-prov-2.0.1

1 year, 10 months ago

6a499d80

Pin prov to latest version 2.0.1

BigchainDB 1.3.0 and bigchaindb-driver 0.4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.
bigchaindb-driver	0.4.1	<0.5.2	show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

Package

Installed

Affected

Info

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.

bigchaindb-driver

0.4.1

<0.5.2

show

Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

pyup-pin-networkx-3.3

2 years ago

a52c67fb

Pin networkx to latest version 3.3

BigchainDB 1.3.0 and bigchaindb-driver 0.4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.
bigchaindb-driver	0.4.1	<0.5.2	show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

Package

Installed

Affected

Info

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.

bigchaindb-driver

0.4.1

<0.5.2

show

Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

pyup-pin-networkx-3.2.1

2 years, 5 months ago

b010ce73

Pin networkx to latest version 3.2.1

BigchainDB 1.3.0 and bigchaindb-driver 0.4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.
bigchaindb-driver	0.4.1	<0.5.2	show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

Package

Installed

Affected

Info

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.

bigchaindb-driver

0.4.1

<0.5.2

show

Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

pyup-pin-networkx-3.2

2 years, 6 months ago

45ca9d7b

Pin networkx to latest version 3.2

BigchainDB 1.3.0 and bigchaindb-driver 0.4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.
bigchaindb-driver	0.4.1	<0.5.2	show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

Package

Installed

Affected

Info

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.

bigchaindb-driver

0.4.1

<0.5.2

show

Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

pyup-pin-networkx-3.1

3 years ago

322aad25

Pin networkx to latest version 3.1

BigchainDB 1.3.0 and bigchaindb-driver 0.4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.
bigchaindb-driver	0.4.1	<0.5.2	show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

Package

Installed

Affected

Info

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.

bigchaindb-driver

0.4.1

<0.5.2

show

Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

pyup-pin-prov-2.0.0

5 years, 5 months ago

894461ad

Pin prov to latest version 2.0.0

BigchainDB 1.3.0 and bigchaindb-driver 0.4.1 have known security vulnerabilities.

Package	Installed	Affected	Info
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.
BigchainDB	1.3.0	<2.2.2	show Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.
bigchaindb-driver	0.4.1	<0.5.2	show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

Package

Installed

Affected

Info

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'gunicorn' to v20.0.4 to include a security fix.

BigchainDB

1.3.0

<2.2.2

show

Bigchaindb 2.2.2 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.

bigchaindb-driver

0.4.1

<0.5.2

show

Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

pyup-pin-bigchaindb-2.2.2

5 years, 6 months ago

7523bd53

Pin bigchaindb to latest version 2.2.2

bigchaindb-driver 0.4.1 has known security vulnerabilities.

Package	Installed	Affected	Info
bigchaindb-driver	0.4.1	<0.5.2	show Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

Package

Installed

Affected

Info

bigchaindb-driver

0.4.1

<0.5.2

show

Bigchaindb-driver 0.5.2 includes a fix for CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.