Snyk has a published code exploit for this vulnerability.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Cryptographic Issues vulnerabilities in an interactive lesson.
Start learningUpgrade openpgp
to version 0.10.0 or higher.
openpgp is a JavaScript implementation of the OpenPGP protocol.
Affected versions of this package are vulnerable to Cryptographic Issues. Chosen-ciphertext attacks are possible since compression is not supported in openpgp.write_encrypted_message.