CVE-2012-3458 – beaker
Package
Manager: pip
Name: beaker
Vulnerable Version: >=0 <1.6.4
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00603 (percentile: 0.68605)
Details
Beaker Sensitive Information Disclosure vulnerability
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.
Metadata
Created: 2022-05-17T05:22:19Z
Modified: 2024-09-12T21:05:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-39vm-p9mr-4r27/GHSA-39vm-p9mr-4r27.json
CWE IDs: ["CWE-326"]
Alternative ID: GHSA-39vm-p9mr-4r27
Finding: F052
Auto approve: 1