Highterrafrost

**Name of the Vulnerable Software and Affected Versions** phpseclib versions 1.0.26 and below phpseclib versions 2.0.0 through 2.0.51 phpseclib versions 3.0.0 through 3.0.49 **Description** phpseclib is a PHP secure communications library. Projects utilizing the affected versions are susceptible to a padding oracle timing attack when using AES in CBC mode. The issue has been addressed in versions 1.0.27, 2.0.52, and 3.0.50. **Recommendations** phpseclib versions 1.0.26 and below: Update to version 1.0.27 or later. phpseclib versions 2.0.0 through 2.0.51: Update to version 2.0.52 or later. phpseclib versions 3.0.0 through 3.0.49: Update to version 3.0.50 or later. As an alternative, use AES in CTR, CFB, or OFB modes.