Advisories for Composer/Ilicmiljan/Secure-Props package

2024

[TagAwareCipher] - Decryption Failure (Regex Match)

Vulnerability in SecureProps involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded with NullEncoder and passed to TagAwareCipher, and contains special characters such as \n. As a result, the decryption process is skipped since the tags are not detected. This causes the encrypted data to be returned in plain format. The vulnerability affects users who implement TagAwareCipher with …