secp256k1-node Update elliptic to 6.5.7 (CVE-2024-42461)

Update elliptic to 6.5.7 (CVE-2024-42461)

Open owlcode opened this issue 6 months ago • 2 comments

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed. See https://nvd.nist.gov/vuln/detail/CVE-2024-42461 https://security.snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918

Aug 20 '24 19:08 owlcode

secp256k1-node secp256k1-node copied to clipboard

Update elliptic to 6.5.7 (CVE-2024-42461)

secp256k1-node
secp256k1-node copied to clipboard