2 matches found
rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency
Impact: The vulnerability, known as RUSTSEC-2022-0093, impacts the ed25519-dalek crate, which is a dependency of the rusty-paseto crate. This issue arises from a "Double Public Key Signing Function Oracle Attack" affecting versions of ed25519-dalek prior to v2.0. These versions expose an unsafe AP...
PT-2023-33034 · Unknown · Rusty-Paseto +1
Name of the Vulnerable Software and Affected Versions: ed25519-dalek versions prior to 2.0; rusty-paseto versions prior to 0.6.0.
Description: The issue arises from a "Double Public Key Signing Function Oracle Attack" affecting the ed25519-dalek crate, which is a dependency of the rusty-paseto crat...