CVE-2020-13822: Integer Overflow or Wraparound
(updated )
The Elliptic package for Node.js allows ECDSA signature malleability via variations in encoding, leading \0
bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
References
Detect and mitigate CVE-2020-13822 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →