Webthings RESTful API for Awox's "SmartLight" (SKRLm-c9-E27).
Home Page: https://mastodon.social/@rzr/104246455002891688
License: MIT License
Sr Sofware Enginneer #OpenToWork (OpenSource, IoT, R&D, Embedded, Linux and more)
Here are some ideas to get you started:
๐ญ Iโm currently working on
๐ซ How to reach me:
Vulnerable Library - pycrypto-2.6.1.tar.gzCryptographic modules for Python.
Library home page: https://files.pythonhosted.org/packages/60/db/645aa9af249f059cc3a368b118de33889219e0362141e75d4eaf6f80f163/pycrypto-2.6.1.tar.gz
Path to dependency file: /tmp/ws-scm/awox-mesh-light-webthing/requirements.txt
Path to vulnerable library: /tmp/ws-scm/awox-mesh-light-webthing/requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 858eac55dab133db6957ec0e6aa4e32e2171676c
Vulnerability Details
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.
Publish Date: 2017-02-15
URL: CVE-2013-7459
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/201702-14
Release Date: 2017-02-20
Fix Resolution: All PyCrypto users should upgrade to the latest version >= pycrypto-2.6.1-r2
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - pycrypto-2.6.1.tar.gzCryptographic modules for Python.
Library home page: https://files.pythonhosted.org/packages/60/db/645aa9af249f059cc3a368b118de33889219e0362141e75d4eaf6f80f163/pycrypto-2.6.1.tar.gz
Path to dependency file: /tmp/ws-scm/awox-mesh-light-webthing/requirements.txt
Path to vulnerable library: /tmp/ws-scm/awox-mesh-light-webthing/requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 858eac55dab133db6957ec0e6aa4e32e2171676c
Vulnerability Details
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.
Publish Date: 2018-02-03
URL: CVE-2018-6594
CVSS 3 Score Details (7.5)
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
