Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS05MndwLWpnaHItaGg4N84AA8yL

Weak encryption in Ninja Core

The encrypt() function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information.

Permalink: https://github.com/advisories/GHSA-92wp-jghr-hh87
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05MndwLWpnaHItaGg4N84AA8yL
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 3 months ago
Updated: 3 months ago

Identifiers: GHSA-92wp-jghr-hh87, CVE-2024-36823
References:

https://nvd.nist.gov/vuln/detail/CVE-2024-36823
https://github.com/ninjaframework/ninja/issues/759
https://github.com/advisories/GHSA-92wp-jghr-hh87

Repository: https://github.com/ninjaframework/ninja
Blast Radius: 0.0

Affected Packages

maven:org.ninjaframework:ninja-core

Dependent packages: 65
Dependent repositories: 48
Downloads:
Affected Version Ranges: = 7.0.0
No known fixed version
All affected versions: 7.0.0