CVE-2021-39182
Improper hashing in enrocrypt
CVSS 3.1: 7.5 HIGH
EPSS: 0.08%
Description
EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the `MD5` hashing function from the file `hashing.py`.
How to fix CVE-2021-39182
To remediate CVE-2021-39182, upgrade the affected package to a fixed version below.
- upgrade to 1.1.4 or later
- upgrade to e652d56ac60eadfc26489ab83927af13a9b9d8ce or later
Is CVE-2021-39182 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.1.4
- from 0, < e652d56ac60eadfc26489ab83927af13a9b9d8ce | from 0, < 1.1.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |