CVE-2023-33252
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.
7.5CVSS
7.5AI Score
0.001EPSS