The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Upgrade aes-gcm to version 0.10.3 or higher.
aes-gcm is an implementation of the AES-GCM Authenticated Encryption with Associated Data (AEAD) cipher.
Affected versions of this package are vulnerable to Information Exposure in the decrypt_in_place_detached() function, which allows a user to expose the decrypted ciphertext even if tag verification fails, by accessing the buffer after decryption failure. This may enable Chosen Ciphertext Attacks (CCAs), which can cause a catastrophic breakage of the cipher, including full plaintext recovery.
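The failure mode described above, as an added example that is not code from the aes-gcm crate or from this advisory: a constructed toy model (no real cryptography) showing why an in-place decrypt that returns an error can still leave plaintext in the caller's buffer, next to a verify-first ordering and a caller-side wipe-on-error guard. All function names, the 8-bit key and tag, and the sample data are hypothetical.

```rust
// Constructed toy model: NOT real cryptography and NOT the aes-gcm crate's code.
// keystream() stands in for AES-CTR, toy_tag() for the tag computed over the ciphertext.
fn keystream(key: u8, i: usize) -> u8 {
    key.wrapping_mul(31).wrapping_add(i as u8).rotate_left(3)
}
fn toy_tag(key: u8, ct: &[u8]) -> u8 {
    ct.iter().fold(key, |acc, b| acc.rotate_left(1) ^ b)
}
fn xor_in_place(key: u8, buf: &mut [u8]) {
    for (i, b) in buf.iter_mut().enumerate() { *b ^= keystream(key, i); }
}
fn encrypt(key: u8, buf: &mut [u8]) -> u8 {
    xor_in_place(key, buf);
    toy_tag(key, buf)
}

// Flawed ordering: the buffer is decrypted before the tag result is acted on,
// so an Err return leaves the plaintext sitting in `buf`.
fn decrypt_flawed(key: u8, buf: &mut [u8], tag: u8) -> Result<(), ()> {
    let expected = toy_tag(key, buf);
    xor_in_place(key, buf);
    if expected == tag { Ok(()) } else { Err(()) }
}

// Safe ordering: check the tag over the ciphertext first; `buf` is untouched on failure.
fn decrypt_verify_first(key: u8, buf: &mut [u8], tag: u8) -> Result<(), ()> {
    if toy_tag(key, buf) != tag { return Err(()); }
    xor_in_place(key, buf);
    Ok(())
}

// Caller-side guard around any in-place decrypt: wipe the buffer on failure
// so later code cannot read unauthenticated output.
fn decrypt_or_wipe<F>(buf: &mut [u8], decrypt: F) -> Result<(), ()>
where F: FnOnce(&mut [u8]) -> Result<(), ()>,
{
    let result = decrypt(buf);
    if result.is_err() { buf.fill(0); }
    result
}

fn main() {
    let mut buf = *b"secret"; // constructed sample plaintext
    let tag = encrypt(0x5a, &mut buf);
    // Wrong tag: the flawed decrypt fails, and the guard zeroes the buffer.
    let r = decrypt_or_wipe(&mut buf, |b| decrypt_flawed(0x5a, b, tag ^ 1));
    println!("{:?} {:?}", r, buf);
}
```

The toy tag comparison is not constant-time; real code should rely on the library's own tag check and treat the buffer as untrusted whenever decryption returns an error.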