Security patch to fix CVE-2020-36242
Detailed paths
- Introduced through: crafty@3.4.0 › cryptography@3.2
Overview
Affected versions of this package are vulnerable to Cryptographic Issues. Certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow.
Remediation
Upgrade cryptography
to version 3.3.2 or higher. (matching crafty 4.0 ver)