Improper Verification of Cryptographic Signature


**Package Manager**: npm
Vulnerable module: elliptic
Introduced through: node-polyfill-webpack-plugin@4.1.0 and others
**Detailed paths**

node-polyfill-webpack-plugin@4.1.0 › node-stdlib-browser@1.3.1 › crypto-browserify@3.12.1 › browserify-sign@4.2.3 › elliptic@6.6.1

 node-polyfill-webpack-plugin@4.1.0 › node-stdlib-browser@1.3.1 › crypto-browserify@3.12.1 › create-ecdh@4.0.4 › elliptic@6.5.4

**Overview**
[elliptic](https://www.npmjs.com/package/elliptic) is a fast elliptic-curve cryptography implementation in plain javascript.

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to a missing signature length check in the EDDSA signature process. An attacker can manipulate the signature by appending or removing zero-valued bytes.
**Remediation**
Upgrade elliptic to version 6.6.1 or higher.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Improper Verification of Cryptographic Signature #60

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

Improper Verification of Cryptographic Signature #60

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions