esptool@3.0 vulnerabilities

A serial utility to communicate & flash code to Espressif chips.

Direct Vulnerabilities

Known vulnerabilities in the esptool package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Inadequate Encryption Strength

esptool is an A serial utility to communicate & flash code to Espressif chips.

Affected versions of this package are vulnerable to Inadequate Encryption Strength in the AES ECB used for initialization. An attacker can view sensitive information by exploiting this weakness.

How to fix Inadequate Encryption Strength?

There is no fixed version for esptool.

[0,)