VYPR
Medium severity5.3NVD Advisory· Published Jul 9, 2019· Updated Jun 17, 2026

CVE-2019-9150

CVE-2019-9150

Description

Mailvelope prior to 3.3.0 does not require user interaction to import public keys shown on web page. This functionality can be tricked to either hide a key import from the user or obscure which key was imported.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.