Severity: critical

Insecure Cryptography Algorithm

parsel

Overview

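All versions of parsel use an insecure cryptographic construction. The package encrypts with aes-256-cbc and applies no integrity check to the ciphertext, which leaves the ciphertext vulnerable to bit-flipping attacks: ciphertext that has been modified still decrypts, and the altered plaintext is accepted without the change being detected.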

Remediation

The package is deprecated and will not be updated. Consider using an alternative package.
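
When evaluating an alternative, the property to check for is authenticated encryption. The following Node.js sketch is an added example, not code from parsel or from this advisory; the function names, blob layouts and sample message are assumptions made for illustration. It shows the same one-bit modification being silently accepted by unauthenticated aes-256-cbc and rejected by aes-256-gcm.

```javascript
const crypto = require('crypto');

// Constructed key for the demonstration; not a value from parsel.
const KEY = crypto.randomBytes(32);

// Unauthenticated AES-256-CBC, the construction the advisory names. Layout: iv(16) || ct
function cbcEncrypt(key, plaintext) {
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([iv, c.update(plaintext, 'utf8'), c.final()]);
}
function cbcDecrypt(key, blob) {
  const d = crypto.createDecipheriv('aes-256-cbc', key, blob.subarray(0, 16));
  return Buffer.concat([d.update(blob.subarray(16)), d.final()]).toString('utf8');
}

// Authenticated AES-256-GCM. Layout: iv(12) || tag(16) || ct
function gcmEncrypt(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function gcmDecrypt(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12), { authTagLength: 16 });
  d.setAuthTag(blob.subarray(12, 28));
  // final() throws when the tag does not match the iv and ciphertext.
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString('utf8');
}

// Return a copy of blob with one bit changed, standing in for modification in storage or transit.
function flipBit(blob, index) {
  const out = Buffer.from(blob);
  out[index] ^= 0x01;
  return out;
}

function demo() {
  const msg = 'hello from parsel'; // constructed sample plaintext
  // CBC: the change in the iv carries into the first plaintext byte and decryption succeeds.
  const cbcOut = cbcDecrypt(KEY, flipBit(cbcEncrypt(KEY, msg), 0));
  let gcmRejected = false;
  try { gcmDecrypt(KEY, flipBit(gcmEncrypt(KEY, msg), 28)); } catch (e) { gcmRejected = true; }
  return { cbcOut, gcmRejected };
}

console.log(demo()); // -> { cbcOut: 'iello from parsel', gcmRejected: true }
```

Data already encrypted with the CBC construction has to be decrypted and re-encrypted under the authenticated scheme; adding a check to new writes alone leaves old ciphertexts unprotected.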

Advisory timeline

  1. published

    Advisory Published
    Jan 23rd, 2020
  2. reported

    Reported by Salesforce Product Security
    Jan 23rd, 2020