s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| openpgp(npm) | 0 | 1.3.0 | N/A |
CVSS Metrics
