3 matches found
CVE-2024-48930
secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. In elliptic-based version, loadUncompressedPublicKey has a check that the public key is on the curve. Prior to versions 5.0.1, 4.0.4, and 3.8.1, however, loadCompressedPublicKey is missing that...
@0xvitto/context (>=0.1.0 <=0.1.1), @1001-digital/components.evm (>=1.3.0 <=3.6.11) +699 more potentially affected by CVE-2024-48930 via secp256k1 (=5.0.0)
secp256k1 NPM version =5.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on secp256k1 and may be impacted: - @0xvitto/context =0.1.0, =1.3.0, =0.1.0, =1.2.2, =0.0.3, =0.1.0, =0.1.0, =0.1.0, =0.1.3, =2.2.2, =0.0.1, =0.0.4 and more Source cves:...
CVE-2024-48930
creationtimestamp| type| source ---|---|--- 2024-10-21 02:54:11+00:00| published-proof-of-concept| https://github.com/cryptocoinjs/secp256k1-node/security/advisories/GHSA-584q-6j8j-r5pm 2024-10-29 10:48:04+00:00| published-proof-of-concept| https://t.me/HackerArsenal/646 2024-10-30 07:05:32+00:00...