2 matches found
pgpbuilder (>=0.3.6 <=0.6.0), pgpmailer (>=0.3.8 <=0.9.1) +5 more potentially affected by CVE-2015-8013 via openpgp (>=0.11.1 <=0.8.2)
openpgp NPM version =0.11.1, =0.3.6, =0.3.8, =0.0.1, =0.1.0, =0.5.6, =0.15.0, =0.24.1 Source cves: CVE-2015-8013 Source advisory: OSV:GHSA-QMVQ-F3FJ-M3WG...
CVE-2015-8013
CVE-2015-8013 concerns s2k.js in OpenPGP.js, where crafted PGP keys can be decrypted regardless of the provided passphrase, enabling an attacker to bypass authentication if message decryption is used as an authentication mechanism. The concrete technical detail across the connected documents iden...