.avif)
View all vulnerabilities
CVE-2024-42461
Elliptic allows BER-encoded signatures
Description
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.
Patch Available
Fix available through Seal Security. No upgrade required, protect your application instantly.
Fix without upgradingVulnerability Details
Score
5.3
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Versions
elliptic >= 5.2.1 < 6.5.7
Severity
Medium
Medium
Medium
Ecosystem
JavaScript
Publish Date
August 2, 2024
Modified Date
August 15, 2024