3 matches found
MAL-2026-1134 Malicious code in ts-big-number (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 644a6ea1bec80a1e6f2dd3ee69a62602237f916e6b2877e126e18d8ef5b7f691 The package ts-big-number was found to contain malicious code. Source: ghsa-malware 490d5033b9169ec80de58a0c2bb8bdbfe435f06200e0b7cc729ce393f2449d40...
bn.js 安全漏洞
bn.js is a large number processing library developed by Fedor Indutny. Versions of bn.js prior to 5.2.3 contained security vulnerabilities. These vulnerabilities stemmed from calling maskn0 on any BN instance, which could corrupt internal state. This allowed methods like toString and divmod to...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop. Calling maskn0 on any BN instance corrupts the internal state, causing toString, divmod, and other methods to enter an infinite loop, hanging the process indefinitely. PoC javascript const BN = require'bn.js'; // any...