Cbor2 · Cbor2 · CVE-2025-68131
**Name of the Vulnerable Software and Affected Versions**
cbor2 versions 3.0.0 through 5.7.0
**Description**
cbor2 is a library for encoding and decoding the Concise Binary Object Representation (CBOR) serialization format. A flaw exists where, when a `CBORDecoder` instance is reused across multiple decode operations, values tagged as shareable (tag 28) remain in memory. These values can then be accessed by subsequent CBOR messages using the sharedref tag (29). This allows an attacker-controlled message to read data from previously decoded messages if the decoder is reused across trust boundaries.
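To make the mechanism concrete, here is an added example that is not cbor2's own code and is not part of the advisory: a minimal CBOR subset decoder that implements tag 28 (shareable) and tag 29 (sharedref). The `MiniCBORDecoder` class, its `reset_per_message` switch, the `decode_after_trusted_message` helper and the hand-encoded sample messages are all constructed for illustration. `reset_per_message=False` models the behaviour described above, where the shared-value table survives from one decode call to the next; `reset_per_message=True` models the fix, where every message starts with an empty table and a sharedref with no matching shareable in the same message is rejected.

```python
"""Minimal CBOR subset decoder illustrating the tag 28/29 state issue.

Added example, not cbor2's own code. MiniCBORDecoder, the reset_per_message
switch and the constructed messages below are assumptions made for illustration.
"""

TAG_SHAREABLE = 28   # marks the tagged item as a shared value
TAG_SHAREDREF = 29   # content is an index into the shared-value table


class MiniCBORDecoder:
    """Decodes ints, byte/text strings, arrays, maps and tags (28/29 handled)."""

    def __init__(self, reset_per_message=True):
        # False models the affected behaviour: the table survives across decode() calls.
        # True models the fix: every message starts with an empty table.
        self.reset_per_message = reset_per_message
        self._shared = []

    def decode(self, data: bytes):
        if self.reset_per_message:
            self._shared = []
        value, pos = self._item(data, 0)
        if pos != len(data):
            raise ValueError("trailing bytes after CBOR item")
        return value

    def _head(self, data, pos):
        """Return (major type, argument, next position) for the item at pos."""
        initial = data[pos]
        major, info = initial >> 5, initial & 0x1F
        pos += 1
        if info < 24:
            return major, info, pos
        width = {24: 1, 25: 2, 26: 4, 27: 8}.get(info)
        if width is None or pos + width > len(data):
            raise ValueError("unsupported or truncated CBOR head")
        return major, int.from_bytes(data[pos:pos + width], "big"), pos + width

    def _item(self, data, pos):
        major, arg, pos = self._head(data, pos)
        if major == 0:
            return arg, pos
        if major == 1:
            return -1 - arg, pos
        if major in (2, 3):
            if pos + arg > len(data):
                raise ValueError("truncated string")
            raw = bytes(data[pos:pos + arg])
            return (raw if major == 2 else raw.decode("utf-8")), pos + arg
        if major == 4:
            items = []
            for _ in range(arg):
                value, pos = self._item(data, pos)
                items.append(value)
            return items, pos
        if major == 5:
            mapping = {}
            for _ in range(arg):
                key, pos = self._item(data, pos)
                value, pos = self._item(data, pos)
                mapping[key] = value
            return mapping, pos
        if major == 6:
            return self._tag(arg, data, pos)
        raise ValueError(f"major type {major} not supported by this example")

    def _tag(self, tag, data, pos):
        if tag == TAG_SHAREABLE:
            index = len(self._shared)
            self._shared.append(None)          # reserve the slot in encounter order
            value, pos = self._item(data, pos)
            self._shared[index] = value
            return value, pos
        if tag == TAG_SHAREDREF:
            index, pos = self._item(data, pos)
            if not isinstance(index, int) or not 0 <= index < len(self._shared):
                raise ValueError(f"sharedref {index!r} has no shareable value in this message")
            return self._shared[index], pos
        return self._item(data, pos)            # other tags: pass the content through


# Constructed sample messages (hand-encoded CBOR):
# trusted message: [ 28("secret") ]  -> array(1), tag 28, text "secret"
TRUSTED_MESSAGE = bytes([0x81, 0xD8, 0x1C, 0x66]) + b"secret"
# untrusted message: 29(0)  -> tag 29 referencing shared value #0
UNTRUSTED_MESSAGE = bytes([0xD8, 0x1D, 0x00])
# legitimate same-message use: [ 28("x"), 29(0) ]  -> ["x", "x"]
SAME_MESSAGE_REF = bytes([0x82, 0xD8, 0x1C, 0x61, 0x78, 0xD8, 0x1D, 0x00])


def decode_after_trusted_message(reset_per_message):
    """Decode the trusted message, then the untrusted one, on the same decoder.

    Returns the value the untrusted message resolves to, or None if it is rejected.
    """
    decoder = MiniCBORDecoder(reset_per_message=reset_per_message)
    decoder.decode(TRUSTED_MESSAGE)
    try:
        return decoder.decode(UNTRUSTED_MESSAGE)
    except ValueError:
        return None


if __name__ == "__main__":
    print("within one message:", MiniCBORDecoder().decode(SAME_MESSAGE_REF))
    print("reused decoder, affected behaviour:", decode_after_trusted_message(False))
    print("reused decoder, fixed behaviour:", decode_after_trusted_message(True))
```

Within a single message the shareable/sharedref pair is a normal feature and resolves to `["x", "x"]`; the defect is only that a reused decoder lets the reference outlive the message that created it. Until the upgrade below is applied, the practical check is to make sure no `CBORDecoder` instance is shared between messages from different trust boundaries, for example by constructing a new decoder per message.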
**Recommendations**
Update to version 5.8.0 or later.