CVE-2022-41340
Published
CVSS v3
7.5
HIGH
CVSS v2
N/A
Affected
2
PROJECTS
Description
The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery.
Pure JS implementation of secp256k1 signing, verification, recovery ECDSA.
GitHub
NPM