openssl is a package that wraps the OpenSSL library.
Affected versions of this package are vulnerable to Insecure Initialization Vector.
The openssl gem for Ruby uses the same initialization vector (IV) in
(aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.
openssl to version 2.0.0 or higher.