0.002 Low
EPSS
Percentile
54.0%
ecdh is vulnerable to ECDH Private Key Disclosure. The vulnerability exists because the deriveSharedSecret function in index.js does not properly check if a point is on the curve, allowing an attacker to retrieve the derived shared secret.
deriveSharedSecret
index.js
github.com/advisories/GHSA-p2hp-3wv3-4w74
github.com/developmentil/ecdh/commit/854291242fba488ce851dfb562807f6f70f27574
github.com/developmentil/ecdh/issues/3