Description
A maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result while returning data that was not actually signed.
This flaw allows signature verifications of inline (non-detached) signed messages (using openpgp.verify) and signed-and-encrypted messages (using openpgp.decrypt with verificationKeys) to be spoofed, since both functions return extracted data that may not match the data that was originally signed.
Recommendation
Update the openpgp package to the latest compatible version. Followings are version details:
Affected version(s): **>= 6.0.0-alpha.0, <= 6.1.0 >= 5.0.1, <= 5.11.2** Patched version(s): **6.1.1 5.11.3**
References
Related Issues
- Cleartext Signed Message Signature Spoofing in openpgp - CVE-2023-41037
- Message Signature Bypass in openpgp - CVE-2019-9153
- Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to - CVE-2024-39691
- Improper Verification of Cryptographic Signature in `node-forge` (GHSA-2r2c-g63r-vccr) - CVE-2022-24773
- Tags:
- npm
- openpgp
Anything's wrong? Let us know Last updated on May 19, 2025