Security patch to fix CVE-2020-36242 (!87) · Merge requests · Crafty Controller / Crafty Web

Iain Powrie requested to merge security/snyk-crypto-issue into dev Mar 21, 2022

Detailed paths

Introduced through: crafty@3.4.0 › cryptography@3.2

Overview

Affected versions of this package are vulnerable to Cryptographic Issues. Certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow.

Remediation

Upgrade cryptography to version 3.3.2 or higher. (matching crafty 4.0 ver)

Security patch to fix CVE-2020-36242

Detailed paths

Overview

Remediation

Merge request reports