Identifier

CVE-2020-4045

Package Slug

npm/ssb-db

Vulnerability

Information Exposure

Description

SSB-DB has an information disclosure vulnerability. The get() method is supposed to only decrypt messages when you explicitly ask it to, but there is a bug where it's decrypting any message that it can.

Affected Versions

Version 20.0.0

Solution

Upgrade to version 20.0.1 or above.

Last Modified

2020-06-18

source