Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxZ3gtNHE0Ny1qMnc1

Insecure Cryptography Algorithm in parsel

All versions of parsel use an insecure cryptography algorithm. The package uses aes-256-cbc without integrity checks, which renders the ciphertext vulnerable to bit-flipping attacks.

Recommendation

The package is deprecated and will not be updated. Consider using an alternative package.

Permalink: https://github.com/advisories/GHSA-wqgx-4q47-j2w5
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxZ3gtNHE0Ny1qMnc1
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 4 years ago
Updated: about 2 years ago

Identifiers: GHSA-wqgx-4q47-j2w5
References:

Blast Radius: 0.0

Affected Packages

npm:parsel

Dependent packages: 1
Dependent repositories: 24
Downloads: 60 last month
Affected Version Ranges: >= 0.0.0
No known fixed version
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.2.0, 0.3.0