parsel@0.3.0 vulnerabilities

Encrypt and decrypt data with a given key.

latest version

0.3.0
first published

12 years ago
latest version published

9 years ago
licenses detected
- Unknown
  >=0
View parsel package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the parsel package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Insecure Encryption parsel is a library that allows you to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Insecure Encryption. In cases where an initialisation vector is not supplied to the encrypt or decrypt call in `parsel.rb`, the initialisation vector used by the library is set to the hardcoded value in L10 of `config.rb`. This makes the cipher vulnerable to chosen plaintext attacks and data leakage within the first block. How to fix Insecure Encryption? There is no fixed version for `parsel`.	>=0.0.0
H Insecure Encryption parsel is a library that allows you to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Insecure Encryption. It contains a weak key derivation function, in which a key of arbitrary length is run through one round of SHA256 to gain key material of the correct length. This allows for the use of weak key material without appropriate key stretching. How to fix Insecure Encryption? There is no fixed version for `parsel`.	>=0.0.0

Insecure Encryption

parsel is a library that allows you to encrypt and decrypt data with a given key.

Affected versions of this package are vulnerable to Insecure Encryption. In cases where an initialisation vector is not supplied to the encrypt or decrypt call in parsel.rb, the initialisation vector used by the library is set to the hardcoded value in L10 of config.rb. This makes the cipher vulnerable to chosen plaintext attacks and data leakage within the first block.

How to fix Insecure Encryption?

There is no fixed version for parsel.

>=0.0.0

Insecure Encryption

parsel is a library that allows you to encrypt and decrypt data with a given key.

Affected versions of this package are vulnerable to Insecure Encryption. It contains a weak key derivation function, in which a key of arbitrary length is run through one round of SHA256 to gain key material of the correct length. This allows for the use of weak key material without appropriate key stretching.

How to fix Insecure Encryption?

There is no fixed version for parsel.

>=0.0.0

Go back to all versions of this package

parsel@0.3.0 vulnerabilities

Encrypt and decrypt data with a given key.

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities