GMS-2020-425: Insecure Cryptography Algorithm in parsel

September 4, 2020 (updated October 4, 2021)

All versions of parsel use an insecure cryptography algorithm. The package uses aes-256-cbc without integrity checks, which renders the ciphertext vulnerable to bit-flipping attacks. The package is deprecated and will not be updated. Consider using an alternative package.

References

github.com/advisories/GHSA-wqgx-4q47-j2w5
www.npmjs.com/advisories/1461

Code Behaviors & Features

Detect and mitigate GMS-2020-425 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →