VYPR

npm package

ssb-db

pkg:npm/ssb-db

Vulnerabilities (1)

  • CVE-2020-4045HigJun 11, 2020
    affected >= 20.0.0, < 20.0.1fixed 20.0.1

    SSB-DB version 20.0.0 has an information disclosure vulnerability. The get() method is supposed to only decrypt messages when you explicitly ask it to, but there is a bug where it's decrypting any message that it can. This means that it is returning the decrypted content of priva