Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2019-9154

Published: 22/08/2019 Updated: 30/08/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Openpgpjs

Vulnerability Summary

Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an malicious user to pass off unsigned data as signed.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openpgpjs openpgpjs

Mailing Lists

Full Disclosure: SEC Consult SA-20190822-0 :: Multiple Vulnerabilities in OpenPGP.js
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> SEC Consult SA-20190822-0 :: Multiple Vulnerabilities in OpenPGPjs <!--X-Subject-Header-End--> <!--X-Head-of-Message- ...

References

CWE-347https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0https://github.com/openpgpjs/openpgpjs/pull/797/commits/47138eed61473e13ee8f05931119d3e10542c5e1https://github.com/openpgpjs/openpgpjs/pull/797http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.htmlhttps://nvd.nist.govhttp://seclists.org/fulldisclosure/2019/Aug/18
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925CVE-2023-41826LFICVE-2022-22364CVE-2024-2887command injectionremote code executionCVE-2024-34446CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook