CVE-2022-41340

Improper Verification of Cryptographic Signature in npm/@lionello/secp256k1-js

Identifiers

CVE-2022-41340

Package Slug

npm/@lionello/secp256k1-js

Vulnerability

Improper Verification of Cryptographic Signature

Description

The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery.

Affected Versions

All versions before 1.1.0

Solution

Upgrade to version 1.1.0 or above.

Last Modified

2022-09-29
