@bundly/ic-core-js (>=0.1.0 <=0.4.2-rc.4), @bundly/ic-react (>=0.1.0 <=0.4.2-rc.4) +29 more potentially affected by CVE-2024-1631 via @dfinity/identity (>=0.20.2 <=0.9.3)

@dfinity/identity NPM version =0.20.2, =0.1.0, =0.1.0, =0.1.1, =0.0.2, =0.8.5, =0.8.0, =0.8.4, =0.1.8, =0.1.11, =1.0.0-alpha.0, =1.7.0, =0.0.1, =0.0.1, =0.0.4, =0.0.5-fix6 and more Source cves: CVE-2024-1631 Source advisory: OSV:GHSA-C9VV-FHGV-CJC3...

PT-2024-18179

Name of the Vulnerable Software and Affected Versions @dfinity/identity versions prior to 1.0.1 Description The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret...