3 matches found
GHSA-8QFF-QR5Q-5PR8 OpenPGP.js's message signature verification can be spoofed
Impact A maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result while returning data that was not actually signed. This flaw allows signature verifications of inline non-detached signed messag...
Improper Verification of Cryptographic Signature
Overview org.webjars.npm:openpgp is a JavaScript implementation of the OpenPGP protocol. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature through the openpgp.verify or openpgp.decrypt functions. An attacker can manipulate the message content to...
Openpgp.js 's2k.js' Security Bypass Vulnerability
Openpgp.js is a library that implements the OpenPGP encryption algorithm in JavaScript. A security bypass vulnerability exists in Openpgp.js. An attacker can exploit this vulnerability to gain access to sensitive information and perform unauthorized operations...