[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-11841":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":42,"duplicate_of":9,"upstream":45,"downstream":46,"duplicates":57,"related":58,"reserved_at":9,"published_at":63,"modified_at":64,"state":65,"summary":66,"references_raw":74,"kevs":144,"epss":145,"epss_history":148,"metrics":408,"affected":421},"CVE-2019-11841","A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional \"Hash\" Armor Headers. The \"Hash\" Armor Header specifies the message digest algorithm(s) used for the signature. However, the Go clearsign package ignores the value of this header, which allows an attacker to spoof it. Consequently, an attacker can lead a victim to believe the signature was generated using a different message digest algorithm than what was actually used. Moreover, since the library skips Armor Header parsing in general, an attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text to cleartext messages without invalidating the signatures.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-347","Improper Verification of Cryptographic Signature","The product does not verify, or incorrectly verifies, the cryptographic signature for data.","weakness","Draft","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-463","Padding Oracle Crypto Attack",[],{"id":24,"name":25,"techniques":26},"CAPEC-475","Signature Spoofing by Improper Validation",[],[28,37],{"_key":29,"name":30,"source":31,"url":32,"maturity":33,"reliability_score":34,"verified":35,"type":9,"platforms":36,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_0917B807D177FCC4","Exploit Reference (packetstormsecurity.com)","reference","http://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html","unknown",0.2,false,[],{"_key":38,"name":39,"source":31,"url":40,"maturity":33,"reliability_score":34,"verified":35,"type":9,"platforms":41,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_E94B4BA449ED52FF","Exploit Reference (sec-consult.com)","https://sec-consult.com/en/blog/advisories/cleartext-message-spoofing-in-go-cryptography-libraries-cve-2019-11841/",[],[43,44],"GHSA-x3jr-pf6g-c48f","GO-2023-1992",[],[47,49,51,53,55],{"_key":48},"UBUNTU-CVE-2019-11841",{"_key":50},"DLA-1920-1",{"_key":52},"DLA-2402-1",{"_key":54},"DLA-3455-1",{"_key":56},"DEBIAN-CVE-2019-11841",[],[59,61],{"_key":60},"CGA-56VR-2GW4-98C6",{"_key":62},"CGA-CQ4C-PMHG-4723","2019-05-22T00:00:00.000Z","2024-08-04T23:03:32.829Z","Modified",{"cisa_kev":35,"cisa_ransomware":35,"cisa_vendor":9,"epss_severity":67,"epss_score":68,"severity":69,"severity_score":70,"severity_version":71,"severity_source":72,"severity_vector":73,"severity_status":65},"low",0.00397,"medium",5.9,"v3.1","nvd","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",[75,81,86,93,96,101,105,109,114,118,123,128,132,136,140],{"url":76,"sources":77,"tags":79},"https://sec-consult.com/",[78,72],"cve.org",[80],"Third Party Advisory",{"url":82,"sources":83,"tags":84},"https://go.googlesource.com/crypto/",[78,72],[85,80],"Product",{"url":32,"sources":87,"tags":89},[78,72,88],"osv_go",[90,80,91,92],"Exploit","VDB Entry","WEB",{"url":40,"sources":94,"tags":95},[78,72],[90,80],{"url":97,"sources":98,"tags":99},"https://lists.debian.org/debian-lts-announce/2019/09/msg00011.html",[78,72,88],[100,80,92],"Mailing List",{"url":102,"sources":103,"tags":104},"https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html",[78,72,88],[100,80,92],{"url":106,"sources":107,"tags":108},"https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html",[78,72,88],[100,92],{"url":110,"sources":111,"tags":112},"https://nvd.nist.gov/vuln/detail/CVE-2019-11841",[88],[113],"Advisory",{"url":115,"sources":116,"tags":117},"https://github.com/golang/crypto/commit/c05e17bb3b2dca130fc919668a96b4bec9eb9442",[88],[92],{"url":119,"sources":120,"tags":121},"https://github.com/golang/crypto/tree/master/openpgp/clearsign",[88],[122],"PACKAGE",{"url":124,"sources":125,"tags":126},"https://go-review.git.corp.google.com/c/crypto/+/173778",[88],[92,127],"FIX",{"url":129,"sources":130,"tags":131},"https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442",[88],[92,127],{"url":133,"sources":134,"tags":135},"https://groups.google.com/d/msg/golang-openpgp/6vdgZoTgbIY/K6bBY9z3DAAJ",[88],[92],{"url":137,"sources":138,"tags":139},"https://pkg.go.dev/vuln/GO-2023-1992",[88],[92],{"url":141,"sources":142,"tags":143},"https://web.archive.org/web/20201207161832/https://sec-consult.com/en/blog/advisories/cleartext-message-spoofing-in-go-cryptography-libraries-cve-2019-11841",[88],[92],[],{"date":146,"score":68,"percentile":147},"2026-06-04",0.60867,[149,153,156,159,162,165,168,171,174,177,180,183,186,188,191,195,198,201,204,206,209,212,214,217,220,223,226,229,232,235,238,241,244,247,250,253,256,259,261,264,266,269,271,274,277,279,282,285,288,291,294,297,300,303,306,309,312,315,318,321,324,327,330,333,336,339,342,345,348,351,354,356,359,362,365,368,371,374,376,378,381,384,387,390,393,395,398,400,402,405],{"date":150,"score":151,"percentile":152},"2025-11-04",0.0039,0.59361,{"date":154,"score":151,"percentile":155},"2025-11-05",0.59346,{"date":157,"score":151,"percentile":158},"2025-11-06",0.5935,{"date":160,"score":151,"percentile":161},"2025-11-07",0.59369,{"date":163,"score":151,"percentile":164},"2025-11-08",0.59368,{"date":166,"score":151,"percentile":167},"2025-11-09",0.5936,{"date":169,"score":151,"percentile":170},"2025-11-10",0.59336,{"date":172,"score":151,"percentile":173},"2025-11-11",0.59348,{"date":175,"score":151,"percentile":176},"2025-11-12",0.59372,{"date":178,"score":151,"percentile":179},"2025-11-13",0.59378,{"date":181,"score":151,"percentile":182},"2025-11-14",0.59384,{"date":184,"score":151,"percentile":185},"2025-11-15",0.59374,{"date":187,"score":151,"percentile":167},"2025-11-16",{"date":189,"score":151,"percentile":190},"2025-11-17",0.59359,{"date":192,"score":193,"percentile":194},"2025-11-18",0.00431,0.5987,{"date":196,"score":193,"percentile":197},"2025-11-19",0.59883,{"date":199,"score":193,"percentile":200},"2025-11-20",0.59872,{"date":202,"score":151,"percentile":203},"2025-11-21",0.59373,{"date":205,"score":151,"percentile":161},"2025-11-22",{"date":207,"score":151,"percentile":208},"2025-11-23",0.59345,{"date":210,"score":151,"percentile":211},"2025-11-24",0.59341,{"date":213,"score":151,"percentile":173},"2025-11-25",{"date":215,"score":151,"percentile":216},"2025-11-26",0.59347,{"date":218,"score":151,"percentile":219},"2025-11-27",0.59354,{"date":221,"score":151,"percentile":222},"2025-11-28",0.59329,{"date":224,"score":151,"percentile":225},"2025-11-29",0.59304,{"date":227,"score":151,"percentile":228},"2025-11-30",0.59292,{"date":230,"score":151,"percentile":231},"2025-12-01",0.59437,{"date":233,"score":151,"percentile":234},"2025-12-02",0.5945,{"date":236,"score":151,"percentile":237},"2025-12-03",0.59454,{"date":239,"score":151,"percentile":240},"2025-12-04",0.5929,{"date":242,"score":151,"percentile":243},"2025-12-05",0.59296,{"date":245,"score":151,"percentile":246},"2025-12-06",0.59288,{"date":248,"score":151,"percentile":249},"2025-12-07",0.59278,{"date":251,"score":151,"percentile":252},"2025-12-08",0.59281,{"date":254,"score":151,"percentile":255},"2025-12-09",0.59312,{"date":257,"score":151,"percentile":258},"2025-12-10",0.59364,{"date":260,"score":151,"percentile":182},"2025-12-11",{"date":262,"score":151,"percentile":263},"2025-12-12",0.59401,{"date":265,"score":151,"percentile":263},"2025-12-13",{"date":267,"score":151,"percentile":268},"2025-12-14",0.59396,{"date":270,"score":151,"percentile":176},"2025-12-15",{"date":272,"score":151,"percentile":273},"2025-12-16",0.59397,{"date":275,"score":151,"percentile":276},"2025-12-17",0.59414,{"date":278,"score":151,"percentile":234},"2025-12-18",{"date":280,"score":151,"percentile":281},"2025-12-19",0.59464,{"date":283,"score":151,"percentile":284},"2025-12-20",0.59465,{"date":286,"score":151,"percentile":287},"2025-12-21",0.59455,{"date":289,"score":151,"percentile":290},"2025-12-22",0.59446,{"date":292,"score":151,"percentile":293},"2025-12-23",0.59459,{"date":295,"score":151,"percentile":296},"2025-12-24",0.59467,{"date":298,"score":151,"percentile":299},"2025-12-25",0.59505,{"date":301,"score":151,"percentile":302},"2025-12-26",0.595,{"date":304,"score":151,"percentile":305},"2025-12-27",0.59553,{"date":307,"score":151,"percentile":308},"2025-12-28",0.59477,{"date":310,"score":151,"percentile":311},"2025-12-29",0.59469,{"date":313,"score":151,"percentile":314},"2025-12-30",0.59482,{"date":316,"score":151,"percentile":317},"2025-12-31",0.59508,{"date":319,"score":151,"percentile":320},"2026-01-01",0.59679,{"date":322,"score":151,"percentile":323},"2026-01-02",0.59665,{"date":325,"score":151,"percentile":326},"2026-01-03",0.59662,{"date":328,"score":151,"percentile":329},"2026-01-04",0.59488,{"date":331,"score":151,"percentile":332},"2026-01-05",0.59476,{"date":334,"score":151,"percentile":335},"2026-01-06",0.59483,{"date":337,"score":151,"percentile":338},"2026-01-07",0.59512,{"date":340,"score":151,"percentile":341},"2026-01-08",0.59536,{"date":343,"score":151,"percentile":344},"2026-01-09",0.59539,{"date":346,"score":151,"percentile":347},"2026-01-10",0.59534,{"date":349,"score":151,"percentile":350},"2026-01-11",0.59517,{"date":352,"score":151,"percentile":353},"2026-01-12",0.5949,{"date":355,"score":151,"percentile":281},"2026-01-13",{"date":357,"score":151,"percentile":358},"2026-01-14",0.59506,{"date":360,"score":151,"percentile":361},"2026-01-15",0.59507,{"date":363,"score":151,"percentile":364},"2026-01-16",0.59528,{"date":366,"score":151,"percentile":367},"2026-01-17",0.59523,{"date":369,"score":151,"percentile":370},"2026-01-18",0.5952,{"date":372,"score":151,"percentile":373},"2026-01-19",0.59501,{"date":375,"score":151,"percentile":358},"2026-01-20",{"date":377,"score":151,"percentile":317},"2026-01-21",{"date":379,"score":151,"percentile":380},"2026-01-22",0.59511,{"date":382,"score":151,"percentile":383},"2026-01-23",0.59554,{"date":385,"score":151,"percentile":386},"2026-01-24",0.59562,{"date":388,"score":151,"percentile":389},"2026-01-25",0.59525,{"date":391,"score":151,"percentile":392},"2026-01-26",0.59515,{"date":394,"score":151,"percentile":367},"2026-01-27",{"date":396,"score":151,"percentile":397},"2026-01-28",0.59532,{"date":399,"score":151,"percentile":397},"2026-01-29",{"date":401,"score":151,"percentile":397},"2026-01-30",{"date":403,"score":151,"percentile":404},"2026-01-31",0.59538,{"date":406,"score":151,"percentile":407},"2026-02-01",0.59673,[409,419],{"source":72,"cvss_v2_0":410,"cvss_v3_0":9,"cvss_v3_1":415,"cvss_v4_0":9},{"baseScore":411,"baseSeverity":9,"vectorString":412,"impactScore":413,"exploitabilityScore":414},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":70,"baseSeverity":416,"vectorString":73,"impactScore":417,"exploitabilityScore":418},"MEDIUM",6,5.6,{"source":88,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":420,"cvss_v4_0":9},{"baseScore":70,"baseSeverity":9,"vectorString":73,"impactScore":417,"exploitabilityScore":418},[422,433,440],{"ecosystem":9,"name":423,"vendor":424,"product":425,"cpe_part":426,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":427},"debian linux","debian","debian_linux","o",[428,431],{"version":429,"is_range":35,"range_type":430,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0","cpe",{"version":432,"is_range":35,"range_type":430,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":434,"vendor":435,"product":434,"cpe_part":436,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":437},"crypto","golang","a",[438],{"version":439,"is_range":35,"range_type":430,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2019-03-25",{"ecosystem":441,"name":442,"vendor":443,"product":434,"cpe_part":9,"purl_type":435,"purl_namespace":443,"purl_name":434,"source":9,"versions":444},"Go","golang.org/x/crypto","golang.org/x",[445],{"version":446,"is_range":447,"range_type":448,"version_start":9,"version_start_type":9,"version_end":449,"version_end_type":450,"fixed_in":9},"lt0_0_0_20190424203555_c05e17bb3b2d",true,"semver","0.0.0-20190424203555-c05e17bb3b2d","excluding"]