Man In The Middle (MitM)

2022-03-2208:09:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

41.4%

JSON

@chainsafe/libp2p-noise is vulnerable to Man In The Middle attack. The vulnerability exists due to a lack of validation of signature during handshake process.

CPENameOperatorVersion
@chainsafe/libp2p-noisele4.1.1
@chainsafe/libp2p-noisele5.0.2
@chainsafe/libp2p-noisele4.1.1
@chainsafe/libp2p-noisele5.0.2

Name	Operator	Version
@chainsafe/libp2p-noise	le	4.1.1
@chainsafe/libp2p-noise	le	5.0.2
@chainsafe/libp2p-noise	le	4.1.1
@chainsafe/libp2p-noise	le	5.0.2

References

github.com/advisories/GHSA-j3ff-xp6c-6gcc

github.com/ChainSafe/js-libp2p-noise/issues/131

github.com/ChainSafe/js-libp2p-noise/pull/130

github.com/ChainSafe/js-libp2p-noise/releases/tag/v5.0.3

github.com/ChainSafe/js-libp2p-noise/security/advisories/GHSA-j3ff-xp6c-6gcc

0.001 Low

EPSS

Percentile

41.4%

JSON

Related for VERACODE:34788