CVE-2021-43569: Improper Verification of Cryptographic Signature
(updated )
The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
References
Detect and mitigate CVE-2021-43569 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →