Code injection

2019-08-0821:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.5%

JSON

The “Security and Privacy” Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys.

CPENameOperatorVersion
mailpileeq0.5.2
mailpileeq0.5.1
mailpileeq0.5.0
mailpileeq1.0.0 rc2
mailpileeq1.0.0 rc1
mailpileeq1.0.0 rc0
mailpileeq1.0.0 rc3

Name	Operator	Version
mailpile	eq	0.5.2
mailpile	eq	0.5.1
mailpile	eq	0.5.0
mailpile	eq	1.0.0 rc2
mailpile	eq	1.0.0 rc1
mailpile	eq	1.0.0 rc0
mailpile	eq	1.0.0 rc3

References

github.com/mailpile/Mailpile/commit/49b64f62ade9ade3dff9337c7bbc1171eab3d59e

github.com/mailpile/Mailpile/compare/1.0.0rc3...1.0.0rc4

github.com/mailpile/Mailpile/pull/2145