7911 matches found

OSV
added 2024/10/21 3:41 p.m. | 17 views

CVE-2024-48930 secp256k1-node vulnerable to private key extraction over ECDH

secp256k1-node is a Node.js binding for an optimized C library for EC operations on curve secp256k1. In the elliptic-based version, loadUncompressedPublicKey has a check that the public key is on the curve. Prior to versions 5.0.1, 4.0.4, and 3.8.1, however, loadCompressedPublicKey is missing that...

CVSS 8.7 | AI score 6.3 | EPSS 0.00217
Exploits: 0 | References: 8
RedhatCVE
added 2024/10/21 5:32 a.m. | 15 views

CVE-2024-21536

A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain path...

CVSS 7.5 | AI score 7.1 | EPSS 0.00354
Exploits: 1 | References: 7
Github Security Blog
added 2024/10/19 6:30 a.m. | 42 views

Denial of service in http-proxy-middleware

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...

CVSS 7.5 | AI score 6.6 | EPSS 0.00354
Exploits: 1 | References: 6 | Affected Software: 1
OSV
added 2024/10/19 5:15 a.m. | 15 views

CVE-2024-21536

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...

CVSS 7.5 | AI score 7
Exploits: 0 | References: 4
NVD
added 2024/10/19 5:15 a.m. | 10 views

CVE-2024-21536

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...

CVSS 7.5 | EPSS 0.00354
Exploits: 1 | References: 4
Vulnrichment
added 2024/10/19 5:0 a.m. | 11 views

CVE-2024-21536

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths...

CVSS 7.5 | AI score 6.8 | EPSS 0.00354
Exploits: 1 | References: 4
CVE
added 2024/10/19 5:0 a.m. | 307 views

CVE-2024-21536

CVE-2024-21536 affects http-proxy-middleware: versions before 2.0.7, and from 3.0.0 before 3.0.3, are vulnerable to DoS due to an unhandled rejection in micromatch that can crash a Node.js server. The fix is in 2.0.7 (and, for 3.x, 3.0.3). Remediate by upgrading to a version containing the fix (e.g., ...

CVSS 7.5 | AI score 7 | EPSS 0.00354
Exploits: 1 | References: 4 | Affected Software: 1
IBM Security Bulletins
added 2024/10/18 2:7 a.m. | 38 views

Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation

Summary: The vulnerabilities are related to IBM® SDK Java™ Technology Edition, Version 8, disclosed as part of the IBM Java SDK updates in April and July 2020, to the Node.js runtime and built-in modules, to other open source packages and to offering vulnerabilities discovered during security testin...

CVSS 9.8 | AI score 10 | EPSS 0.01018
Exploits: 4 | Affected Software: 1
Tenable Nessus
added 2024/10/18 12:0 a.m. | 191 views

Oracle Java SE Multiple Vulnerabilities (October 2024 CPU)

The versions of Java installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory. - Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE component: Node Node.js. Supported versions that are affected are Oracle GraalVM for...

CVSS 8.8 | AI score 6.4 | EPSS 0.00645
Exploits: 3 | References: 10
IBM Security Bulletins
added 2024/10/17 1:2 a.m. | 36 views

Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise and IBM Integration Bus (CVE-2020-7769)

Summary: IBM App Connect Enterprise and IBM Integration Bus ship with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details: CVEID: CVE-2020-7769. DESCRIPTION: Nodejs could allow a remote attacker to execute arbitrary...

CVSS 9.8 | AI score 10 | EPSS 0.00509
Exploits: 2
CNVD
added 2024/10/17 12:0 a.m. | 8 views

SAP HANA Input Validation Error Vulnerability (CNVD-2024-49626)

SAP HANA is a high-performance real-time data analytics platform from Germany's SAP. The platform provides data query functions that let users query and analyze real-time business data. An input validation error vulnerability exists in the SAP HANA Node.js client, which ste...

CVSS 4.3 | AI score 6.7 | EPSS 0.00322
Exploits: 0 | References: 1
OSV
added 2024/10/16 12:25 p.m. | 4 views

MAL-2024-9473 Malicious code in @taxify/nodejs-common (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits: 0
OSV
added 2024/10/15 6:0 p.m. | 7 views

GHSA-R9MQ-3C9R-FMJQ Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy

Description: Path traversal. This vulnerability allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the...

CVSS 9.1 | AI score 9.2 | EPSS 0.92497
Exploits: 1 | References: 6
Github Security Blog
added 2024/10/15 3:30 p.m. | 39 views

Valid ECDSA signatures erroneously rejected in Elliptic

The Elliptic package prior to 6.6.0 for Node.js, in its ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of a truncateToN anomaly. This leads to...

CVSS 4.8 | AI score 9.2 | EPSS 0.00162
Exploits: 1 | References: 7 | Affected Software: 1
OSV
added 2024/10/15 3:30 p.m. | 15 views

GHSA-FC9H-WHQ2-V747 Valid ECDSA signatures erroneously rejected in Elliptic

The Elliptic package prior to 6.6.0 for Node.js, in its ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of a truncateToN anomaly. This leads to...

CVSS 4.8 | AI score 4.7 | EPSS 0.00162
Exploits: 1 | References: 7
RedhatCVE
added 2024/10/15 3:1 p.m. | 30 views

CVE-2024-48948

A flaw was found in the Elliptic Node.js package. In certain versions, the ECDSA implementation does not correctly verify valid signatures if the hash contains at least 4 leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash. This issue can lead to valid...

CVSS 3.7 | AI score 6.3 | EPSS 0.00162
Exploits: 1 | References: 5
OSV
added 2024/10/15 2:15 p.m. | 20 views

CVE-2024-48948

The Elliptic package 6.5.7 for Node.js, in its ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of a truncateToN anomaly. This leads to...

CVSS 4.8 | AI score 6.8
Exploits: 0 | References: 4
NVD
added 2024/10/15 2:15 p.m. | 15 views

CVE-2024-48948

The Elliptic package 6.5.7 for Node.js, in its ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of a truncateToN anomaly. This leads to...

CVSS 4.8 | EPSS 0.00162
Exploits: 1 | References: 4
OSV
added 2024/10/15 2:15 p.m. | 1 views

DEBIAN-CVE-2024-48948

The Elliptic package 6.5.7 for Node.js, in its ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of a truncateToN anomaly. This leads to...

CVSS 4.8 | AI score 5.6 | EPSS 0.00162
Exploits: 1 | References: 1
Positive Technologies
added 2024/10/15 12:0 a.m. | 3 views

PT-2024-33289 · Node.Js +2 · Elliptic +2

Name of the Vulnerable Software and Affected Versions: Elliptic versions prior to 6.6.0. Description: The Elliptic package for Node.js, in its ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic...

CVSS 10 | AI score 6.8 | EPSS 0.92879
Exploits: 15 | References: 101