3 matches found
CVE-2023-41037
creationtimestamp| type| source ---|---|--- 2023-08-29 20:17:35+00:00| seen| https://t.me/cibsecurity/69360...
@blackdark/hashicorp-js-releases (=1.4.7), @cythral/renovate (>=0.1.6 <=0.1.7) +6 more potentially affected by CVE-2023-41037 via openpgp (>=5.0.0 <=5.0.1)
openpgp NPM version =5.0.0, =0.1.6, =1.1.15, =1.1.46, =1.32.0, =27.31.10, =1.35.0, =1.29.0, =1.30.0 Source cves: CVE-2023-41037 Source advisory: OSV:GHSA-CH3C-V47X-4PGP...
CVE-2023-41037
OpenPGP.js vulnerability (CVE-2023-41037) in Cleartext Signed Messages: versions up to 5.9.0 ignore data before the Hash: header, enabling text insertion that appears signed. Impact arises if an app verifies only verificationResult.verified and visually trusts the message; otherwise, verified dat...