CVE-2020-13757: Use of a Broken or Risky Cryptographic Algorithm
Python-RSA ignores leading \0 bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).