Seal Security

CVE-2024-42461

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Vulnerability Details

Score

5.3

Score Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Versions

elliptic >= 5.2.1 < 6.5.7

Severity

Medium

Ecosystem

JavaScript

Publish Date

August 2, 2024

Modified Date

August 15, 2024