CVE-2015-7764

HIGH

Lemur 0.1.4 - Info Disclosure

Title source: llm
STIX 2.1

Description

Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode.

References (3)

Scores

CVSS v3 7.5
EPSS 0.0034
EPSS Percentile 57.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-331
Status published
Products (2)
netflix/lemur 0.1.4
pypi/lemur 0 - 0.1.5PyPI
Published Aug 09, 2017
Tracked Since Feb 18, 2026