The vulnerability stems from using AES in ECB mode, as shown in the pre-patch code. The commit diff shows that both `aesEncrypt` and `aesDecrypt` were changed from ECB mode (the default when `AES.new(key)` is called without a mode argument) to CTR mode. The original implementation specified no mode and padded the plaintext to the block size by hand (`data + " " * (16 - (len(data) % 16))`), which confirms the vulnerable pattern. These functions directly implemented the weak cryptographic practice described in CWE-326.
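A static check for the call shape described above, written as an added example for this record (it is not beaker's code and not the patch). It assumes the PyCrypto-style `AES.new` API the description quotes; the two source strings are constructed to mimic the before and after shapes, and `ctr` in the patched sample is a stand-in for whatever counter object the real fix builds.

```python
import ast

# Constructed sample mimicking the pre-patch shape the advisory describes:
# AES.new(key) with no mode argument defaults to ECB, and the caller pads
# the plaintext with spaces up to a 16-byte block boundary.
VULNERABLE_SRC = '''from Crypto.Cipher import AES
def aesEncrypt(data, key):
    cipher = AES.new(key)
    data = data + " " * (16 - (len(data) % 16))
    return cipher.encrypt(data)
'''

# Constructed sample of the post-patch shape: an explicit CTR mode.
# (ctr is a placeholder for the counter object; only the call shape matters.)
PATCHED_SRC = '''from Crypto.Cipher import AES
def aesEncrypt(data, key, ctr):
    cipher = AES.new(key, AES.MODE_CTR, counter=ctr)
    return cipher.encrypt(data)
'''

def _is_aes_new(call):
    """True for a call written as AES.new(...)."""
    f = call.func
    return (isinstance(f, ast.Attribute) and f.attr == "new"
            and isinstance(f.value, ast.Name) and f.value.id == "AES")

def _is_ecb_constant(node):
    """True if the mode argument is spelled AES.MODE_ECB or MODE_ECB."""
    return ((isinstance(node, ast.Attribute) and node.attr == "MODE_ECB")
            or (isinstance(node, ast.Name) and node.id == "MODE_ECB"))

def find_ecb_aes(source):
    """Return line numbers of AES.new(...) calls that end up in ECB mode,
    either by omitting the mode (the library default) or by naming MODE_ECB."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and _is_aes_new(node)):
            continue
        # The mode is the second positional argument or the mode= keyword.
        mode_args = list(node.args[1:])
        mode_args += [kw.value for kw in node.keywords if kw.arg == "mode"]
        if not mode_args or any(_is_ecb_constant(a) for a in mode_args):
            hits.append(node.lineno)
    return hits

if __name__ == "__main__":
    print("vulnerable:", find_ecb_aes(VULNERABLE_SRC))  # [3]
    print("patched:", find_ecb_aes(PATCHED_SRC))        # []
```

Run it over a checkout to list every `AES.new` call that silently inherits the ECB default; calls whose mode arrives through `**kwargs` are not resolved and need manual review.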
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| beaker | pip | < 1.6.4 | 1.6.4 |