CVE-2013-7463

The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack.

Date published : 2017-04-19

http://www.securityfocus.com/bid/98035

https://github.com/Gurpartap/aescrypt/issues/4