Описание
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| node-openpgp | itp | package |
EPSS
Процентиль: 58%
0.00362
Низкий
Связанные уязвимости
CVSS3: 7.5
nvd
больше 6 лет назад
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature.
EPSS
Процентиль: 58%
0.00362
Низкий