CVE-2022-31021 Unlinkability broken in ursa when verifiers use malicious keys

Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to...

Prototype Pollution

ioredis is vulnerable to prototype pollution. The vulnerability exists as the reply transformer does not check for special field names and mishandles malicious keys proto, which could, at worst, result in a denial of service condition due to limitations of not being able to overwrite global...