Vulnerabilities > Indutny
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-10 | CVE-2024-48949 | Improper Verification of Cryptographic Signature vulnerability in Indutny Elliptic The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation. | 9.1 |
2020-06-04 | CVE-2020-13822 | Integer Overflow or Wraparound vulnerability in Indutny Elliptic 6.5.2 The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. | 7.7 |