PyPI · Cryptography · CVE-2023-23931
**Name of the Vulnerable Software and Affected Versions**
cryptography versions 1.8 through the latest version before the fix
**Description**
The issue is related to the `Cipher.update_into` function in the cryptography package, which would accept Python objects that implement the buffer protocol but provide only immutable buffers. This could allow immutable objects, such as `bytes`, to be mutated, violating fundamental rules of Python and resulting in corrupted output. The function now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.
**Recommendations**
For cryptography versions 1.8 through the latest version before the fix, update to a version where the `Cipher.update_into` function correctly raises an exception for immutable buffers. As a temporary workaround until a patch is applied, avoid passing immutable objects, such as `bytes`, as the buffer that `Cipher.update_into` writes into. Restrict access to the `Cipher.update_into` function to minimize the risk of exploitation.
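
The following is an added example, not part of the advisory or of the cryptography project's code: a caller-side guard that rejects read-only output buffers such as `bytes` before `update_into` is ever called, for code paths that cannot be upgraded immediately. The helper names `check_output_buffer`, `guarded_update_into` and `demo` are hypothetical, the key and nonce are constructed sample values, and the size rule is the one the cryptography documentation gives for `update_into`.

```python
"""Caller-side guard for update_into output buffers (added example)."""


def check_output_buffer(buf, data_len, block_size=16):
    """Raise unless buf is a writable buffer large enough for update_into.

    Size rule: len(data) + block_size - 1 bytes, as documented for
    update_into. block_size is in bytes (16 for AES).
    """
    try:
        view = memoryview(buf)
    except TypeError as exc:
        raise TypeError("output buffer must support the buffer protocol") from exc
    with view:
        # bytes, and memoryviews over bytes, report readonly=True here.
        if view.readonly:
            raise TypeError(
                f"refusing read-only output buffer of type {type(buf).__name__}"
            )
        needed = data_len + block_size - 1
        if view.nbytes < needed:
            raise ValueError(f"output buffer has {view.nbytes} bytes, need {needed}")


def guarded_update_into(ctx, data, buf, block_size=16):
    """Call ctx.update_into(data, buf) only after the buffer passes the check.

    ctx is any cipher context exposing update_into, for example the object
    returned by Cipher(...).encryptor().
    """
    check_output_buffer(buf, len(data), block_size)
    return ctx.update_into(data, buf)


def demo():
    """Encrypt into a bytearray with AES-CTR and return the ciphertext."""
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

    key, nonce = bytes(32), bytes(16)  # constructed sample values, not secrets
    data = b"sixteen byte msg"
    enc = Cipher(algorithms.AES(key), modes.CTR(nonce)).encryptor()
    out = bytearray(len(data) + 15)  # mutable, so the guard accepts it
    written = guarded_update_into(enc, data, out)
    return bytes(out[:written])
```

Routing every `update_into` call through the guard makes the behaviour independent of the installed library version: a `bytes` object is refused before the cipher context sees it.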