[MAVEN:GHSA-2J2X-HX4G-2GF4] In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode
Severity
High
Affected Packages
2
Fixed Packages
2
CVEs
1
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
| Package | Affected Version |
|---|---|
 pkg:maven/org.bouncycastle/bcprov-jdk15
|
< 1.56 |
|
pkg:maven/org.bouncycastle/bcprov-jdk14
|
< 1.56 |
| Package | Fixed Version |
|---|---|
|
pkg:maven/org.bouncycastle/bcprov-jdk15
|
= 1.56 |
|
pkg:maven/org.bouncycastle/bcprov-jdk14
|
= 1.56 |
- ID
- MAVEN:GHSA-2J2X-HX4G-2GF4
- Severity
- high
- URL
- https://github.com/advisories/GHSA-2j2x-hx4g-2gf4
- Published
-
2018-10-18T17:43:55
(6 years ago) - Modified
-
2023-01-09T05:02:49
(20 months ago) - Rights
- Maven Security Team
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.bouncycastle/bcprov-jdk15 | org.bouncycastle |
bcprov-jdk15
|
< 1.56 | |||
| Fixed | pkg:maven/org.bouncycastle/bcprov-jdk15 | org.bouncycastle |
bcprov-jdk15
|
= 1.56 | |||
| Affected | pkg:maven/org.bouncycastle/bcprov-jdk14 | org.bouncycastle |
bcprov-jdk14
|
< 1.56 | |||
| Fixed | pkg:maven/org.bouncycastle/bcprov-jdk14 | org.bouncycastle |
bcprov-jdk14
|
= 1.56 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |