8 matches found
Signature Verification Bypass
starkbank-ecdsa is vulnerable to signature verification bypass. The vulnerability exists due to the lack of verification of the public key when sending messages allowing an attacker to bypass signature verification needed to perform operations on the platform...
Signature Verification Bypass
starkbank-ecdsa is vulnerable to signature verification bypass. The vulnerability exists due to the lack of verification of the public key when sending messages allowing an attacker to bypass signature verification needed to perform operations on the platform...
starkbank (>=0.0.1 <=0.0.6) potentially affected by CVE-2021-43571 via starkbank-ecdsa (>=0.0.1 <=0.0.2)
starkbank-ecdsa NPM version =0.0.1, =0.0.1, =0.0.6 Source cves: CVE-2021-43571 Source advisory: OSV:GHSA-Q9Q6-F556-GPM7...
com.starkbank.sdk:sdk-java (>=0.2.3 <=0.3.0), com.starkbank:sdk (>=0.3.0 <=2.8.0) potentially affected by CVE-2021-43570 via com.starkbank.ellipticcurve:starkbank-ecdsa (=1.0.0)
com.starkbank.ellipticcurve:starkbank-ecdsa MAVEN version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.starkbank.ellipticcurve:starkbank-ecdsa and may be impacted: - com.starkbank.sdk:sdk-java =0.2.3, =0.3.0, =2.8.0 Source cves:...
c7n-mailer (>=0.6.4 <=0.6.12), jesse (>=2.2.0 <=2.3.4) +7 more potentially affected by CVE-2021-43572 via starkbank-ecdsa (>=1.0.0 <=1.1.1)
starkbank-ecdsa PYPI version =1.0.0, =0.6.4, =2.2.0, =1.0.1, =1.0.1, =1.3.0, =6.8.3, =6.9.0 - starkbank =0.1.0 Source cves: CVE-2021-43572 Source advisory: OSV:GHSA-92VM-MXJF-JQF3...
Improper Verification of Cryptographic Signature in starkbank-ecdsa
The verify function in the Stark Bank Python ECDSA library starkbank-ecdsa 2.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
c7n-mailer (>=0.6.4 <=0.6.12), jesse (>=2.2.0 <=2.3.4) +7 more potentially affected by CVE-2021-43572 via starkbank-ecdsa (>=1.0.0 <=1.1.1)
starkbank-ecdsa PYPI version =1.0.0, =0.6.4, =2.2.0, =1.0.1, =1.0.1, =1.3.0, =6.8.3, =6.9.0 - starkbank =0.1.0 Source cves: CVE-2021-43572 Source advisory: OSV:PYSEC-2021-426...
c7n-mailer (>=0.6.4 <=0.6.12), jesse (>=2.2.0 <=2.3.4) +7 more potentially affected by unknown CVE via starkbank-ecdsa (>=1.0.0 <=1.1.1)
starkbank-ecdsa PYPI version =1.0.0, =0.6.4, =2.2.0, =1.0.1, =1.0.1, =1.3.0, =6.8.3, =6.9.0 - starkbank =0.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-9WX7-JRVC-28MM...