CVE-2022-41340
npm/@lionello/secp256k1-js
Improper Verification of Cryptographic Signature
The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery.
All versions before 1.1.0
Upgrade to version 1.1.0 or above.
2022-09-29
source |