passlib@1.7.1 vulnerabilities

comprehensive password hashing framework supporting over 30 schemes

Known vulnerabilities in the passlib package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Cryptographic Weakness Affected versions of this package are vulnerable to Cryptographic Weakness. The `SHA-256` prehash is unsalted, meaning the resulting `bcrypt` digest is vulnerable to breach correlation attacks. How to fix Cryptographic Weakness? Upgrade `passlib` to version 1.7.3 or higher.	[,1.7.3)