CVE-2021-43570: Improper Verification of Cryptographic Signature
(updated )
The verify function in the Stark Bank Java ECDSA library (ecdsa-java) fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
References
Detect and mitigate CVE-2021-43570 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →