ecdsa-node is vulnerable to signature verification bypass. The vulnerability exists because the ranges of signature r and s in verify
function of ecdsa.js
are not properly validated. A malicious attacker is able to perform unauthorized operations by gaining access, forging signatures on arbitrary messages.
CPE | Name | Operator | Version |
---|---|---|---|
@cdottori/ecdsa-node | eq | 0.0.3 | |
@cdottori/ecdsa-node | eq | 0.0.4 | |
@cdottori/ecdsa-node | eq | 0.0.3 | |
@cdottori/ecdsa-node | eq | 0.0.4 |