CVE-2021-43572: Improper Verification of Cryptographic Signature
(updated )
The verify function in the Stark Bank Python ECDSA library (ecdsa-python) fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
References
Detect and mitigate CVE-2021-43572 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →