High severity7.5NVD Advisory· Published Aug 9, 2017· Updated Jun 17, 2026
CVE-2015-7764
CVE-2015-7764
Description
Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
lemurPyPI | < 0.1.5 | 0.1.5 |
Affected products
5- osv-coords4 versionspkg:apk/chainguard/airflow-2pkg:apk/chainguard/airflow-2-compatpkg:apk/chainguard/airflow-2-iamguarded-compatpkg:pypi/lemur
< 2.11.0-r15+ 3 more
- (no CPE)range: < 2.11.0-r15
- (no CPE)range: < 2.11.0-r15
- (no CPE)range: < 2.11.0-r15
- (no CPE)range: < 0.1.5
Patches
Vulnerability mechanics
References
7- www.openwall.com/lists/oss-security/2015/10/20/3nvdMailing ListThird Party AdvisoryWEB
- github.com/Netflix/lemur/issues/117nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-chg9-3c3p-ch23ghsaADVISORY
- github.com/kvesteri/sqlalchemy-utils/issues/166nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2015-7764ghsaADVISORY
- github.com/Netflix/lemur/commit/394e18f76e5eb534d95160945ebc231ec3b4c794ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/lemur/PYSEC-2017-50.yamlghsaWEB
News mentions
0No linked articles in our index yet.