2 matches found
CVE-2019-9148
Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public keys: Mailvelope allows importing keys that contain users without a valid self-certification. Keys that are obviously invalid are not rejected during import. An attacker that is able to get a victim to import a manipulated key...
CVE-2019-9148
Mailvelope is affected up to version 3.2.x; the vulnerability arises from importing invalid PGP keys during key import. Specifically, Mailvelope accepts or operates with keys that contain users without a valid self-certification and does not reject clearly invalid keys during import, enabling an ...