{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T03:48:49.952","vulnerabilities":[{"cve":{"id":"CVE-2021-21387","sourceIdentifier":"security-advisories@github.com","published":"2021-03-19T16:15:12.780","lastModified":"2024-11-21T05:48:15.233","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connection. Additionally, the safety number was improperly calculated. It was computed using part of one of the public identity keys instead of being derived from both public identity keys. This caused issues in computing safety numbers which would potentially be exploitable in the real world. Additionally there was inadequate encryption strength due to use of 1024-bit DSA keys. These issues are all fixed in version 2.3.0."},{"lang":"es","value":"Wrongthink mensajero cifrado punto a punto y de extremo a extremo con PeerJS y Axolotl Ratchet. En wrongthink desde versión 2.0.0 y anteriores a 2.3.0, había un conjunto de vulnerabilidades que causaban una fuerza de cifrado inapropiada. Parte de la clave de identidad secreta fue divulgada por la huella digital usada para la conexión. Además, el número de seguridad fue calculado inapropiadamente. Se calculó usando parte de una de las claves de identidad públicas en lugar de derivarse de ambas claves de identidad públicas. Esto causó problemas en el cálculo de números de seguridad que potencialmente podrían explotarse en el mundo real. Además, hubo un nivel de cifrado inadecuado debido al uso de claves DSA de 1024 bits. Todos estos problemas están corregidos en versión 2.3.0"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-319"},{"lang":"en","value":"CWE-326"},{"lang":"en","value":"CWE-358"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wrongthink:wrongthink:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.3.0","matchCriteriaId":"EF024789-5E37-406E-81A4-99DF296E2A38"}]}]}],"references":[{"url":"https://github.com/parabirb/wrongthink/security/advisories/GHSA-5jxh-6378-rg7v","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/parabirb/wrongthink/security/advisories/GHSA-5jxh-6378-rg7v","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}