Need to update package "elliptic" because it has vulnerabilities #4878
Labels
enhancement
New feature or improvement.
minor-bump
Planned for the next minor version bump.
next-patch
Issues scheduled for the next arch release.
on-deck
This Enhancement or Bug is currently being worked on.
v5
Issues regarding legacy-v5
Comments
|
@ricmoo please check |
|
This is being investigated for v5 right now. Thanks! |
ricmoo
added
on-deck
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the Feature
Update please package elliptic, because the version that are using has vulnerabilities:
Elliptic's EDDSA missing signature length check - GHSA-f7q4-pwc6-w24p
Elliptic's ECDSA missing check for whether lead
ing bit of r and s is zero - GHSA-977x-g7h5-7qgw
Elliptic allows BER-encoded signatures - GHSA-49q7-c7j4-3p7m
Elliptic's verify function omits uniqueness validation - GHSA-434g-2637-qmqr
Valid ECDSA signatures erroneously rejected in Elliptic - GHSA-fc9h-whq2-v747
Code Example
No response
The text was updated successfully, but these errors were encountered: