npm package
ssb-db
pkg:npm/ssb-db
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-4045 | Hig | 7.5 | >= 20.0.0, < 20.0.1 | 20.0.1 | Jun 11, 2020 | SSB-DB version 20.0.0 has an information disclosure vulnerability. The get() method is supposed to only decrypt messages when you explicitly ask it to, but there is a bug where it's decrypting any message that it can. This means that it is returning the decrypted content of priva |
- affected >= 20.0.0, < 20.0.1fixed 20.0.1
SSB-DB version 20.0.0 has an information disclosure vulnerability. The get() method is supposed to only decrypt messages when you explicitly ask it to, but there is a bug where it's decrypting any message that it can. This means that it is returning the decrypted content of priva