starkbank/ecdsa-node

Releases9

Frequency9 months 5 days

Last Release 24 days ago

Stars42

A lightweight and fast pure JS ECDSA library

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-43571 ↗	Nov 9, 2021Tuesday, 9 November 2021, 22:15	9.8 CRITICAL	7.5 HIGH
The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.