CVE-2016-7798: Cryptographic Issues

January 30, 2017 (updated July 15, 2018)

The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.

References

www.securityfocus.com/bid/93031
nvd.nist.gov/vuln/detail/CVE-2016-7798

Code Behaviors & Features

Detect and mitigate CVE-2016-7798 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →