PT-2020-21567 — Use of a Broken Cryptographic Algorithm in Scrapy Parsel

PT-2020-21567 · Scrapy · Parsel

Published

2020-09-04

Updated

2020-09-04

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions parsel versions (affected versions not specified)

Description The issue concerns the use of an insecure cryptography algorithm in the package. Specifically, it uses aes-256-cbc without integrity checks, making the ciphertext vulnerable to bit-flipping attacks.

Recommendations Consider using an alternative package as the current package is deprecated and will not be updated.

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-327

Related Identifiers

GHSA-WQGX-4Q47-J2W5

Affected Products

Parsel

PT-2020-21567 · Scrapy · Parsel

Weakness Enumeration

Related Identifiers

Affected Products

References · 2