Filtered by vendor Cocoon
Subscriptions
Filtered by product Cocoon
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21530 | 1 Cocoon | 1 Cocoon | 2024-10-04 | 4.5 Medium |
| Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. **Note:** The issue does NOT affect objects created with Cocoon::new which utilizes ThreadRng. | ||||
Page 1 of 1.