PYSEC-2022-42997

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/passeo/PYSEC-2022-42997.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2022-42997

Aliases

Published

2022-12-06T18:15:00Z

Modified

2023-11-01T04:57:51.867909Z

Summary

[none]

Details

Passeo is an open source python password generator. Versions prior to 1.0.5 rely on the python random library for random value selection. The python random library warns that it should not be used for security purposes due to its reliance on a non-cryptographically secure random number generator. As a result a motivated attacker may be able to guess generated passwords. This issue has been addressed in version 1.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

PyPI / passeo

Package

Name: passeo; View open source insights on deps.dev
Purl: pkg:pypi/passeo

Affected ranges

Type: GIT
Repo: https://github.com/ArjunSharda/Passeo
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8caa798b6bc4647dca59b2376204b6dc6176361a

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.5

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4