Insecure Cryptography Algorithmparsel
All versions of
parsel use an insecure cryptography algorithm. The package uses
aes-256-cbc without integrity checks, which renders the ciphertext vulnerable to bit-flipping attacks.
The package is deprecated and will not be updated. Consider using an alternative package.
publishedAdvisory PublishedJan 23rd, 2020
reportedReported by Salesforce Product SecurityJan 23rd, 2020