CVE-2021-39182

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-39182

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-39182.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-39182

Aliases

Published

2021-11-08T15:15:07Z

Modified

2024-10-12T08:19:54.094236Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the MD5 hashing function from the file hashing.py.

References

Affected packages

Git / github.com/metamorphic-spyware/enrocrypt

Affected ranges

Type: GIT
Repo: https://github.com/metamorphic-spyware/enrocrypt
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e652d56ac60eadfc26489ab83927af13a9b9d8ce

Type: GIT
Repo: https://github.com/morgan-phoenix/enrocrypt
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

cf883225a06bac73c564cff83af5e3f9386de116

Affected versions

1.*

1.1.3

V1.*

V1.0.7

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.1.0

v1.1.1

v1.1.2