CVE-2023-48053

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-48053

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-48053.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-48053

Published

2023-11-16T18:15:07.297Z

Modified

2025-11-15T06:59:23.817518Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.

References

https://gxx777.github.io/Archery_v1.10.0_Cryptographic_API_Misuse_Vulnerability.md

Affected packages

Git / github.com/hhyo/archery

Affected ranges

Type: GIT
Repo: https://github.com/hhyo/archery
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

bc86cda4c3b7d59f759d0d23bb63a54f52616752

Affected versions

v1.*

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.1.4

v1.1.5

v1.1.7

v1.2.0

v1.2.0Beta

v1.2.0Beta2

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.3.4

v1.3.5

v1.3.6

v1.3.7

v1.3.8

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.4.5

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.6.0

v1.6.1

v1.6.2

v1.6.3

v1.6.4

v1.6.5

v1.6.6

v1.6.7

v1.7.0

v1.7.1

v1.7.10

v1.7.11

v1.7.12

v1.7.13

v1.7.2

v1.7.3

v1.7.4

v1.7.5

v1.7.6

v1.7.7

v1.7.8

v1.7.9

v1.8.0

v1.8.1

v1.8.2

v1.8.3

v1.8.4

v1.8.5

v1.9.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-48053.json"