python-cryptography is vulnerable to a key leakage. A lack of input validation on the finalize_with_tag
API allows an attacker to forge a GCM
tag by crafting an invalid payload with a shortened tag to bypass the MAC check in a 1 in 256 chance, resulting in a possible key leakage.