@chainsafe/libp2p-noise
before 4.1.2 and 5.0.3 was not correctly validating signatures during the handshake process.
This may allow a man-in-the-middle to pose as other peers and get those peers banned.
Users should upgrade to 4.1.2 or 5.0.3
No workarounds, just patch upgrade
CPE | Name | Operator | Version |
---|---|---|---|
@chainsafe/libp2p-noise | lt | 4.1.2 | |
@chainsafe/libp2p-noise | ge | 5.0.0 | |
@chainsafe/libp2p-noise | lt | 5.0.3 |