CVE-2024-49364
CVE-2024-49364 affects tiny-secp256k1 (NPM wrapper). Prior to 1.1.7, if global Buffer comes from the NPM buffer package, the Buffer.isBuffer check can be bypassed, enabling private key extraction by signing a malicious JSON-stringifiable object via key reuse across messages. The issue is fixed in...