CVE-2023-33252

Double spend in snarkjs in npm/snarkjs

Identifiers

CVE-2023-33252, GHSA-xp5g-jhg3-3rg2

Package Slug

npm/snarkjs

Vulnerability

Double spend in snarkjs

Description

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.

Affected Versions

All versions up to 0.6.11

Solution

Upgrade to version 0.7.0 or above.
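A range check an application can run on `publicSignals` before handing them to a verifier and before recording anything as spent, given as an added example that is not code from snarkjs or from this advisory. It assumes proofs over the BN128 curve (the modulus constant below), and `SpentRegistry` with its signal index is a hypothetical helper.

```javascript
// Added example, not snarkjs code. Assumption: proofs are over BN128 (alt_bn128),
// whose scalar field modulus r is the constant below.
const BN128_R = 21888242871839275222246405745257275088548364400416034343698204186575808495617n;

// Parse one public signal (decimal or 0x-hex string, number, or bigint) strictly.
function parseSignal(sig) {
  if (typeof sig === "bigint") return sig;
  if (typeof sig === "number" && Number.isSafeInteger(sig)) return BigInt(sig);
  if (typeof sig === "string" && /^(0x[0-9a-fA-F]+|[0-9]+)$/.test(sig)) return BigInt(sig);
  throw new TypeError("public signal is not an unsigned integer");
}

// Return the signals as canonical BigInts, or throw if any lies outside [0, r).
function canonicalPublicSignals(publicSignals, modulus = BN128_R) {
  if (!Array.isArray(publicSignals)) throw new TypeError("publicSignals must be an array");
  return publicSignals.map((sig, i) => {
    const v = parseSignal(sig);
    if (v < 0n || v >= modulus) {
      throw new RangeError(`public signal ${i} is outside the field`);
    }
    return v;
  });
}

// Hypothetical spent-value registry: it records a value only after the range
// check, and keys on the parsed integer rather than on the submitted string.
class SpentRegistry {
  constructor() { this.spent = new Set(); }
  // Returns true if newly recorded, false if already spent.
  record(publicSignals, index = 0) {
    const key = canonicalPublicSignals(publicSignals)[index].toString();
    if (this.spent.has(key)) return false;
    this.spent.add(key);
    return true;
  }
}
```

Call `canonicalPublicSignals` first and treat a thrown error as a failed verification; the check complements the upgrade to 0.7.0 and does not replace it.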

Last Modified

2023-05-23
