Cryptographic Issues Affecting pulpcore package, versions [,3.11.0)
Snyk CVSS
Attack Complexity
Low
User Interaction
Required
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-PULPCORE-1300050
- published 4 Jun 2021
- disclosed 4 Jun 2021
- credit Unknown
How to fix?
Upgrade pulpcore
to version 3.11.0 or higher.
Overview
pulpcore is a Pulp Django Application and Related Modules
Affected versions of this package are vulnerable to Cryptographic Issues via the use of MD5 and SHA1 checksums by default, which are not secure.