Unknown · Secureprops · CVE-2024-28864
**Name of the Vulnerable Software and Affected Versions**
SecureProps versions 1.2.0 through 1.2.1
**Description**
A vulnerability in SecureProps involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded with `NullEncoder` and passed to `TagAwareCipher`, and contains special characters such as `\n`. As a result, the decryption process is skipped since the tags are not detected, causing the encrypted data to be returned in plain format. The vulnerability affects users who implement `TagAwareCipher` with any base cipher that has `NullEncoder` (not default).
**Recommendations**
For SecureProps versions 1.2.0 and 1.2.1, update to version 1.2.2 to resolve the issue.
As a temporary workaround, consider using the default `Base64Encoder` with the base cipher decorated with `TagAwareCipher` to prevent special characters in the encrypted string from interfering with regex tag detection logic.
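
The failure mode described above, and the effect of the Base64 workaround, can be reproduced with a short stand-alone PHP script. This is an added example, not SecureProps' own code: the `<ENC>`/`</ENC>` tags, the pattern and the `extractTagged` helper are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical tag markers; the library's actual tags and regex may differ.
const START_TAG = '<ENC>';
const END_TAG   = '</ENC>';

/**
 * Returns the payload between the tags, or null when no tags are detected.
 * $dotAll toggles the PCRE "s" modifier, which lets "." match "\n".
 */
function extractTagged(string $data, bool $dotAll): ?string
{
    $pattern = '/^' . preg_quote(START_TAG, '/') . '(.*)'
             . preg_quote(END_TAG, '/') . '$/' . ($dotAll ? 's' : '');

    return preg_match($pattern, $data, $m) === 1 ? $m[1] : null;
}

// Constructed sample: raw ciphertext bytes, as an identity (no-op) encoder
// would leave them, that happen to include a newline byte (0x0a).
$rawCiphertext = "\x8f\x12\x0a\xc4\x77";
$tagged        = START_TAG . $rawCiphertext . END_TAG;

// Without "s", "." stops at the newline, so the tags are not detected and a
// caller that only decrypts tagged values would skip decryption.
$missed = extractTagged($tagged, false);
echo 'no "s" modifier, raw bytes:   ', $missed === null ? 'tags NOT detected' : 'tags detected', PHP_EOL;

// With "s", the full payload between the tags is recovered.
$found = extractTagged($tagged, true);
echo '"s" modifier, raw bytes:      ', $found === $rawCiphertext ? 'tags detected' : 'tags NOT detected', PHP_EOL;

// Workaround from the advisory: Base64 output contains no newline, so even
// the pattern without "s" detects the tags.
$encoded   = base64_encode($rawCiphertext);
$b64Tagged = START_TAG . $encoded . END_TAG;
$b64Found  = extractTagged($b64Tagged, false);
echo 'no "s" modifier, Base64 data: ', $b64Found === $encoded ? 'tags detected' : 'tags NOT detected', PHP_EOL;
```

A regression test for an affected deployment can follow the same shape: feed the decrypt path a tagged value whose payload contains `\n` and assert that the result differs from the input.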