An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS01ODQ0LXEzZmMtNTZyaM4AA3lZ

Severity: Moderate; EPSS: 0.00434% (0.61645 Percentile)

pubnub Insufficient Entropy vulnerability

Affected Packages (each entry lists Affected Versions and Fixed Versions)
go:github.com/pubnub/go/v5
PURL: pkg:go/github.com%2Fpubnub%2Fgo%2Fv5
Affected versions: < 5.0.4-0.20231016150651-428517fef5b9
Fixed versions: 5.0.4-0.20231016150651-428517fef5b9
0 Dependent packages
0 Dependent repositories

Affected Version Ranges

All affected versions

5.0.0, 5.0.1, 5.0.2, 5.0.3

All unaffected versions

go:github.com/pubnub/go/v6
PURL: pkg:go/github.com%2Fpubnub%2Fgo%2Fv6
Affected versions: < 6.1.1-0.20231016150651-428517fef5b9
Fixed versions: 6.1.1-0.20231016150651-428517fef5b9
0 Dependent packages
0 Dependent repositories

Affected Version Ranges

All affected versions

6.0.0, 6.0.1, 6.0.2, 6.1.0

All unaffected versions

go:github.com/pubnub/go
PURL: pkg:go/github.com%2Fpubnub%2Fgo
Affected versions: < 0.0.0-20231016150651-428517fef5b9
Fixed versions: 0.0.0-20231016150651-428517fef5b9
11 Dependent packages
9 Dependent repositories

Affected Version Ranges

All affected versions

All unaffected versions

3.7.0, 3.7.1, 3.9.3, 3.9.4, 3.10.0, 3.11.0, 3.12.0, 3.13.0, 3.14.0, 3.15.0, 3.16.0, 3.16.1, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.3.0, 4.3.1, 4.4.0, 4.5.0, 4.5.1, 4.5.2, 4.6.0, 4.6.1, 4.6.2, 4.6.3, 4.6.4, 4.6.5, 4.6.6, 4.7.0, 4.8.0, 4.9.0, 4.9.1, 4.10.0

swift:github.com/pubnub/swift
Affected versions: < 6.2.0
Fixed versions: 6.2.0
0 Dependent packages
0 Dependent repositories

Affected Version Ranges

All affected versions

1.0.0, 1.1.0, 1.2.0, 1.2.1, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.4.0, 2.4.1, 2.4.2, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 3.0.1, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 4.0.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 5.0.0, 5.0.1, 5.1.0, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.1.0

All unaffected versions

6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.3.0, 7.0.0, 7.1.0, 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 8.0.0, 8.0.1, 8.1.0, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.3.0, 8.3.1, 9.0.0, 9.0.1, 9.1.0, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.3.0, 9.3.1, 9.3.2, 9.3.3

pypi:pubnub
PURL: pkg:pypi/pubnub
Affected versions: < 7.3.0
Fixed versions: 7.3.0
10 Dependent packages
192 Dependent repositories
122,831 Downloads last month

Affected Version Ranges

All affected versions

3.3.1, 3.3.2, 3.3.4, 3.3.5, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.7.5, 3.7.6, 3.7.7, 3.7.8, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.9.0, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.11, 4.0.12, 4.0.13, 4.1.0, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.2.0, 4.2.1, 4.3.0, 4.4.0, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.6.0, 4.6.1, 4.7.0, 4.8.0, 4.8.1, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.2.0, 5.2.1, 5.3.0, 5.3.1, 5.4.0, 5.5.0, 6.0.0, 6.0.1, 6.1.0, 6.2.0, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.4.0, 6.4.1, 6.5.0, 6.5.1, 7.0.0, 7.0.1, 7.0.2, 7.1.0, 7.2.0

All unaffected versions

7.3.0, 7.3.1, 7.3.2, 7.4.0, 7.4.1, 7.4.2, 7.4.3, 7.4.4, 8.0.0, 8.1.0, 9.0.0, 9.1.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.4.0, 10.4.1

pub:pubnub
Affected versions: < 4.3.0
Fixed versions: 4.3.0
5 Dependent packages
17 Dependent repositories

Affected Version Ranges

All affected versions

0.1.0, 0.1.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.3.0, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 2.0.0, 2.0.1, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.2.0, 4.0.0, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.2.1, 4.2.2, 4.2.3, 4.2.4

All unaffected versions

4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 5.0.0, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 6.0.0, 6.0.1

packagist:pubnub/pubnub
Affected versions: < 6.1.0
Fixed versions: 6.1.0
19 Dependent packages
66 Dependent repositories
3,818,093 Downloads total

Affected Version Ranges

All affected versions

3.5.2, 3.5.3, 3.5.4, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.7.5, 3.7.6, 3.7.7, 3.7.8, 3.7.9, 3.8.0, 3.8.1, 3.8.3, 4.0.0, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.7, 4.2.0, 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 5.0.0, 5.1.0, 6.0.0, 6.0.1

All unaffected versions

6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.2.0, 6.2.1, 6.3.0, 7.0.0, 7.0.1, 7.0.2, 7.1.0, 7.2.0, 7.2.1, 7.3.0, 7.4.0, 8.0.0, 8.0.1, 8.0.2

cargo:pubnub
PURL: pkg:cargo/pubnub
Affected versions: < 0.4.0
Fixed versions: 0.4.0
0 Dependent packages
0 Dependent repositories
12,048 Downloads total

Affected Version Ranges

All affected versions

0.2.0, 0.2.1, 0.3.0

All unaffected versions

0.4.0, 0.4.1, 0.5.0, 0.6.0

rubygems:pubnub
PURL: pkg:gem/pubnub
Affected versions: < 5.3.0
Fixed versions: 5.3.0
12 Dependent packages
116 Dependent repositories
7,611,744 Downloads total

Affected Version Ranges

All affected versions

0.1.2, 0.1.4, 0.1.5, 0.1.7, 0.1.8, 0.1.9, 0.1.10, 0.1.11, 0.1.12, 3.4.1, 3.5.1, 3.5.3, 3.5.5, 3.5.6, 3.5.7, 3.5.8, 3.5.12, 3.5.14, 3.6.7, 3.6.9, 3.6.10, 3.7.0, 3.7.1, 3.7.5, 3.7.7, 3.7.9, 3.7.10, 3.7.11, 3.7.12, 3.8.0, 3.8.1, 3.8.2, 3.8.4, 3.8.5, 4.0.0, 4.0.1, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.12, 4.0.13, 4.0.14, 4.0.15, 4.0.16, 4.0.17, 4.0.18, 4.0.19, 4.0.20, 4.0.21, 4.0.22, 4.0.23, 4.0.25, 4.0.27, 4.0.28, 4.1.0, 4.1.2, 4.1.5, 4.1.6, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, 4.6.2, 4.7.0, 4.7.1, 4.8.0, 5.0.0, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.2.1, 5.2.2

All unaffected versions

5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.4.0, 5.5.0

nuget:Pubnub
PURL: pkg:nuget/Pubnub
Affected versions: < 6.19.0
Fixed versions: 6.19.0
2 Dependent packages
0 Dependent repositories
786,261 Downloads total

Affected Version Ranges

All affected versions

3.0.0, 3.7.0, 3.7.3, 3.7.5, 3.7.6, 3.7.7, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.8.7, 4.0.2, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.11, 4.0.12, 4.0.13, 4.0.14, 4.0.15, 4.0.16, 4.0.17, 4.0.18, 4.0.19, 4.0.20, 4.0.21, 4.0.22, 4.0.23, 4.0.24, 4.0.25, 4.0.26, 4.0.27, 4.0.28, 4.0.29, 4.0.30, 4.0.31, 4.0.32, 4.0.33, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, 4.9.0, 4.10.0, 4.11.0, 4.12.0, 4.13.0, 4.14.0, 4.15.0, 5.0.0, 5.0.1, 5.1.0, 5.2.0, 5.3.0, 5.4.0, 6.0.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 6.5.0, 6.6.0, 6.7.0, 6.8.0, 6.9.0, 6.10.0, 6.11.0, 6.12.0, 6.13.0, 6.14.0, 6.15.0, 6.16.0, 6.17.0, 6.18.0

All unaffected versions

6.19.0, 6.19.1, 6.19.2, 6.19.3, 6.19.4, 6.19.5, 6.19.6, 6.19.7, 6.20.0, 6.20.1, 6.20.2, 7.0.0, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 7.3.10, 7.3.11, 7.3.12, 7.3.13, 7.3.14, 7.3.15, 7.4.0, 7.4.1, 7.5.0

go:github.com/pubnub/go/v7
PURL: pkg:go/github.com%2Fpubnub%2Fgo%2Fv7
Affected versions: < 7.2.0
Fixed versions: 7.2.0
0 Dependent packages
0 Dependent repositories

Affected Version Ranges

All affected versions

7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.1.0, 7.1.1, 7.1.2

All unaffected versions

7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4

maven:com.pubnub:pubnub
Affected versions: <= 4.6.5
Fixed versions: No known fixed version
7 Dependent packages
35 Dependent repositories

Affected Version Ranges

All affected versions

3.5.2, 3.5.3, 3.5.4, 3.5.5, 3.5.6, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.5, 3.7.6, 3.7.7, 3.7.8, 3.7.9, 3.7.10, 3.7.11, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.11, 4.0.12, 4.0.13, 4.0.14, 4.1.0, 4.2.0, 4.2.2, 4.2.3, 4.6.5

maven:com.pubnub:pubnub-kotlin
Affected versions: < 7.7.0
Fixed versions: 7.7.0
9 Dependent packages
5 Dependent repositories

Affected Version Ranges

All affected versions

4.0.0, 4.0.1, 5.0.0, 5.0.1, 5.0.2, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.1.0, 6.2.0, 6.3.0, 7.0.0, 7.0.1, 7.1.0, 7.2.0, 7.3.0, 7.3.1, 7.3.2, 7.4.0, 7.4.1, 7.4.2, 7.4.3, 7.5.0, 7.6.0

All unaffected versions

7.7.0, 7.7.1, 7.7.2, 7.7.3, 7.7.4, 7.8.0, 7.8.1, 8.0.0, 9.0.0, 9.1.0, 9.1.1, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 10.0.0, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.4.0, 10.4.1, 10.4.2, 10.4.3, 10.4.4, 10.4.5, 10.4.6, 10.4.7, 10.5.0, 10.5.1, 10.5.2, 10.5.3, 10.5.4, 10.5.5, 10.5.6, 10.5.7, 10.5.8

npm:pubnub
PURL: pkg:npm/pubnub
Affected versions: < 7.4.0
Fixed versions: 7.4.0
226 Dependent packages
3,759 Dependent repositories
720,005 Downloads last month

Affected Version Ranges

All affected versions

3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.3.1, 3.4.4, 3.5.3, 3.5.4, 3.5.43, 3.5.45, 3.5.47, 3.5.48, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.6.5, 3.6.6, 3.6.7, 3.6.8, 3.7.0, 3.7.4, 3.7.5, 3.7.6, 3.7.7, 3.7.8, 3.7.9, 3.7.10, 3.7.11, 3.7.12, 3.7.13, 3.7.14, 3.7.15, 3.7.16, 3.7.17, 3.7.18, 3.7.19, 3.7.20, 3.7.21, 3.7.22, 3.7.23, 3.8.0, 3.9.0, 3.9.1, 3.9.2, 3.10.0, 3.10.2, 3.10.3, 3.11.0, 3.12.0, 3.13.0, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5, 3.14.6, 3.14.7, 3.15.0, 3.15.1, 3.15.2, 3.16.0, 3.16.1, 3.16.3, 3.16.4, 3.16.5, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.11, 4.0.12, 4.0.13, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.5, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.5.0, 4.6.0, 4.7.0, 4.8.0, 4.9.0, 4.9.1, 4.10.0, 4.12.0, 4.13.0, 4.14.0, 4.15.0, 4.15.1, 4.16.1, 4.16.2, 4.17.0, 4.18.0, 4.19.0, 4.20.0, 4.20.1, 4.20.2, 4.20.3, 4.21.0, 4.21.1, 4.21.2, 4.21.5, 4.21.6, 4.21.7, 4.22.0, 4.23.0, 4.24.0, 4.24.1, 4.24.2, 4.24.3, 4.24.4, 4.24.5, 4.24.6, 4.25.0, 4.25.1, 4.25.2, 4.26.0, 4.26.1, 4.27.0, 4.27.1, 4.27.2, 4.27.3, 4.27.4, 4.27.5, 4.27.6, 4.28.0, 4.28.1, 4.28.2, 4.28.3, 4.28.4, 4.29.0, 4.29.1, 4.29.2, 4.29.3, 4.29.4, 4.29.5, 4.29.6, 4.29.7, 4.29.8, 4.29.9, 4.29.10, 4.29.11, 4.30.0, 4.30.1, 4.31.0, 4.32.0, 4.32.1, 4.33.0, 4.33.1, 4.34.0, 4.34.1, 4.34.2, 4.35.0, 4.36.0, 4.37.0, 5.0.0, 5.0.1, 7.0.0, 7.0.1, 7.1.1, 7.1.2, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.3.0, 7.3.1, 7.3.2, 7.3.3

All unaffected versions

7.4.0, 7.4.1, 7.4.2, 7.4.3, 7.4.4, 7.4.5, 7.5.0, 7.6.0, 7.6.1, 7.6.2, 7.6.3, 8.0.0, 8.0.1, 8.1.0, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.3.0, 8.3.1, 8.3.2, 8.4.0, 8.4.1, 8.5.0, 8.6.0, 8.7.0, 8.7.1, 8.8.0, 8.8.1, 8.9.0, 8.9.1, 8.10.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.3.1, 9.3.2, 9.4.0, 9.5.0, 9.5.1, 9.5.2, 9.6.0, 9.6.1, 9.6.2, 9.7.0, 9.8.0, 9.8.1, 9.8.3, 9.8.4, 9.9.0

The following packages and versions are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm:

versions of the package pubnub before 7.4.0
all versions of the package com.pubnub:pubnub
versions of the package pubnub before 6.19.0
all versions of the package github.com/pubnub/go
versions of the package github.com/pubnub/go/v7 before 7.2.0
versions of the package pubnub before 7.3.0
versions of the package pubnub/pubnub before 6.1.0
versions of the package pubnub before 5.3.0
versions of the package pubnub before 0.4.0
versions of the package pubnub/c-core before 4.5.0
versions of the package com.pubnub:pubnub-kotlin before 7.7.0
versions of the package pubnub/swift before 6.2.0
versions of the package pubnub before 5.2.0
versions of the package pubnub before 4.3.0

The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bits in the key always the same for every encoded message or file.

Note:

In order to exploit this vulnerability, the attacker needs to invest resources in preparing the attack and brute-force the encryption.
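The key-derivation weakness the advisory describes, shown as an added illustration that is not code from this page or from PubNub's SDKs. The derivation shape in hex_trimmed_key (SHA-256 the configured key, hex-encode, keep the first 32 characters) is an assumption chosen to match the description, the sample cipher keys are constructed, and all function names are hypothetical. The block quantifies how hex encoding plus trimming halves the reachable key space for a 32-byte AES-256 key, and gives two checks a reviewer can run on keys a derivation actually produces.

```python
import hashlib
import math

# Constructed sample cipher keys (not from the advisory); each stands in for the
# passphrase-style key a developer configures in the SDK.
SAMPLE_CIPHER_KEYS = [f"cipher-key-{i}" for i in range(200)]

HEX_LOWER = frozenset(b"0123456789abcdef")


def hex_trimmed_key(cipher_key: str) -> bytes:
    """Assumed shape of the derivation the advisory describes (hypothetical, not the
    SDK's own code): SHA-256 the configured key, hex-encode the digest, keep the
    first 32 characters and feed those ASCII bytes to AES-256 as the key."""
    digest_hex = hashlib.sha256(cipher_key.encode("utf-8")).hexdigest()
    return digest_hex[:32].encode("ascii")


def raw_digest_key(cipher_key: str) -> bytes:
    """Hardened alternative: use the 32 raw digest bytes, so every key bit is
    uniformly distributed and the full 256-bit key space is reachable."""
    return hashlib.sha256(cipher_key.encode("utf-8")).digest()


def looks_hex_trimmed(key: bytes) -> bool:
    """Check for a key captured from config or a debugger: if every byte is a
    lowercase hex character, each byte is drawn from 16 symbols instead of 256."""
    return len(key) > 0 and all(b in HEX_LOWER for b in key)


def effective_key_bits(key: bytes) -> int:
    """log2 of how many distinct keys of this length the derivation can produce:
    4 bits per byte for hex characters, 8 bits per byte otherwise."""
    symbols = 16 if looks_hex_trimmed(key) else 256
    return int(len(key) * math.log2(symbols))


def constant_bit_positions(keys):
    """Bit positions (0 = most significant bit of byte 0) that hold the same value
    in every sampled key. A sound derivation returns an empty list for any
    reasonable sample; lowercase hex characters pin two bits of every byte."""
    length = len(keys[0])
    if any(len(k) != length for k in keys):
        raise ValueError("all keys must have the same length")
    ones = [0] * (8 * length)
    for key in keys:
        for i, byte in enumerate(key):
            for bit in range(8):
                if (byte >> (7 - bit)) & 1:
                    ones[8 * i + bit] += 1
    n = len(keys)
    return [pos for pos, count in enumerate(ones) if count in (0, n)]


if __name__ == "__main__":
    weak = [hex_trimmed_key(k) for k in SAMPLE_CIPHER_KEYS]
    strong = [raw_digest_key(k) for k in SAMPLE_CIPHER_KEYS]
    print("hex-trimmed key:", effective_key_bits(weak[0]), "bits of key space")
    print("raw-digest key: ", effective_key_bits(strong[0]), "bits of key space")
    print("constant bit positions, hex-trimmed:", len(constant_bit_positions(weak)))
    print("constant bit positions, raw digest: ", len(constant_bit_positions(strong)))
```

Running the block reports 128 bits of key space for the hex-trimmed key against 256 for the raw digest, which is the "half of the bits" the advisory refers to. Only 64 of the 256 bit positions are literally constant (the top bit of every ASCII hex byte is always 0 and bit 5 is always 1); the rest of the loss comes from correlation, since bit 4 of each byte is the complement of bit 6 (digit versus letter) and the low bits take only 16 combinations, so each byte carries 4 bits of entropy rather than 8. Both checks work on any derived key material, so they can be pointed at the output of a KDF under review rather than at this assumed derivation.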

References: