Remediation
Upgrade elliptic to version 6.5.3 or later. For example:
"dependencies": {
  "elliptic": ">=6.5.3"
}
or…
"devDependencies": {
  "elliptic": ">=6.5.3"
}
Always verify the validity and compatibility of suggestions with your codebase.
Details
CVE-2020-13822
high severity
Vulnerable versions: < 6.5.3
Patched version: 6.5.3
The Elliptic package before version 6.5.3 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
Action item:
Update the package and see if it breaks
If there are any errors, make sure it's a vulnerability before working on those errors
Completion criteria:
Vulnerability is explored and addressed as appropriate
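The encoding variations named in the advisory (leading '\0' bytes, alternative length encodings) can be seen by checking a DER-encoded ECDSA signature byte by byte. The following is an added example, not code from elliptic or from this issue: `checkDerSignature`, `fromHex` and the sample byte strings are constructed for illustration, and it assumes a curve order of at most 256 bits so every length fits the one-byte short form.

```javascript
// Added example: strict DER check for an ECDSA signature (SEQUENCE of two INTEGERs).
// Assumption: curve order of at most 256 bits, so all lengths use the short form.
function checkDerSignature(sig) {
  // Returns null for a canonical encoding, else a string naming the first problem.
  if (sig.length < 8 || sig.length > 72) return 'bad total size';
  if (sig[0] !== 0x30) return 'not a SEQUENCE';
  if (sig[1] & 0x80) return 'long-form length';
  if (sig[1] !== sig.length - 2) return 'SEQUENCE length does not match the data';
  let pos = 2;
  for (const name of ['r', 's']) {
    if (pos + 2 > sig.length) return name + ': truncated';
    if (sig[pos] !== 0x02) return name + ': not an INTEGER';
    const len = sig[pos + 1];
    if (len & 0x80) return name + ': long-form length';
    if (len === 0) return name + ': empty';
    if (pos + 2 + len > sig.length) return name + ': overruns the buffer';
    const first = sig[pos + 2];
    if (first & 0x80) return name + ': negative';
    // A 0x00 prefix is only allowed when the next byte has its high bit set.
    if (len > 1 && first === 0x00 && !(sig[pos + 3] & 0x80)) {
      return name + ': unnecessary leading zero byte';
    }
    pos += 2 + len;
  }
  return pos === sig.length ? null : 'trailing bytes';
}

const fromHex = (s) => Buffer.from(s.replace(/\s+/g, ''), 'hex');

// Constructed samples: each encodes r = 1 (or 128), s = 1 in a different way.
const samples = {
  canonical:     '30 06 02 01 01 02 01 01',
  leadingZero:   '30 07 02 02 00 01 02 01 01',
  neededZero:    '30 07 02 02 00 80 02 01 01',
  longFormLen:   '30 81 06 02 01 01 02 01 01',
  trailingBytes: '30 07 02 01 01 02 01 01 00',
};

for (const [name, hex] of Object.entries(samples)) {
  console.log(name.padEnd(14), checkDerSignature(fromHex(hex)) ?? 'ok');
}
```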