PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.

Affected Packages

PyPI pypinksign

Affected versions: 0 (last affected: 0.5.1)

Related CVEs

CVE-2023-48056

Key Information

GHSA ID

GHSA-fxff-wxxv-c2jc

Published

November 16, 2023 6:30 PM

Last Modified

October 14, 2024 5:04 PM

CVSS Score

7.5 /10

Primary Ecosystem

PyPI

Primary Package

pypinksign

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 31, 2025 6:36 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.