PyPI package
beaker
pkg:pypi/beaker
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2013-7489 | — | | | <= 1.11.0 | — | Jun 26, 2020 | The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution. |
| CVE-2012-3458 | — | | | < 1.6.4 | 1.6.4 | Sep 15, 2012 | Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors. |