openpgp@4.2.0 vulnerabilities
OpenPGP.js is a Javascript implementation of the OpenPGP protocol. This is defined in RFC 4880.
-
latest version
5.11.1
-
latest non vulnerable version
-
first published
10 years ago
-
latest version published
2 months ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the openpgp package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
openpgp is a JavaScript implementation of the OpenPGP protocol. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature when the Note:
This is only exploitable if the user or application verifies the How to fix Improper Verification of Cryptographic Signature? Upgrade |
<4.10.11
>=5.0.0 <5.10.1
|
openpgp is a JavaScript implementation of the OpenPGP protocol. Affected versions of this package are vulnerable to Invalid Curve Attack. It allows an attacker, who is already able provide forged messages and gain feedback about whether decryption of these messages succeeded, to conduct an invalid curve attack in order to gain the victim's ECDH private key. How to fix Invalid Curve Attack? Upgrade |
<4.2.1
|