Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/262055?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/262055?format=api", "purl": "pkg:npm/elliptic@6.3.0", "type": "npm", "namespace": "", "name": "elliptic", "version": "6.3.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55616?format=api", "vulnerability_id": "VCID-2sfb-9txp-c7av", "summary": "Elliptic's EDDSA missing signature length check\nIn the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42459.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42459.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42459", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32148", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32179", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32247", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32217", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42459" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/indutny/elliptic", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indutny/elliptic" }, { "reference_url": "https://github.com/indutny/elliptic/commit/accb61e9c1a005e5c8ff96a8b33893100bb42d11", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indutny/elliptic/commit/accb61e9c1a005e5c8ff96a8b33893100bb42d11" }, { "reference_url": "https://github.com/indutny/elliptic/commit/c0690b36be043ee73c1780ae4b7df48632b11cf9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indutny/elliptic/commit/c0690b36be043ee73c1780ae4b7df48632b11cf9" }, { "reference_url": "https://github.com/indutny/elliptic/pull/317", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-02T14:59:10Z/" } ], "url": "https://github.com/indutny/elliptic/pull/317" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20241004-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20241004-0005" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077821", "reference_id": "1077821", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077821" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302458", "reference_id": "2302458", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302458" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42459", "reference_id": "CVE-2024-42459", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42459" }, { "reference_url": "https://github.com/advisories/GHSA-f7q4-pwc6-w24p", "reference_id": "GHSA-f7q4-pwc6-w24p", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f7q4-pwc6-w24p" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6209", "reference_id": "RHSA-2024:6209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6210", "reference_id": "RHSA-2024:6210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6738", "reference_id": "RHSA-2024:6738", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6738" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6779", "reference_id": "RHSA-2024:6779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7759", "reference_id": "RHSA-2024:7759", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7759" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7994", "reference_id": "RHSA-2024:7994", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7994" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8533", "reference_id": "RHSA-2024:8533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8546", "reference_id": "RHSA-2024:8546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8546" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82329?format=api", "purl": "pkg:npm/elliptic@6.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ew32-3yaw-hfgg" }, { "vulnerability": "VCID-naf1-wstu-budj" }, { "vulnerability": "VCID-p89g-d93c-ekfn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/elliptic@6.5.7" } ], "aliases": [ "CVE-2024-42459", "GHSA-f7q4-pwc6-w24p" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2sfb-9txp-c7av" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55999?format=api", "vulnerability_id": "VCID-3rn2-srxp-p7bn", "summary": "Elliptic's verify function omits uniqueness validation\nThe Elliptic package 6.5.5 for Node.js for EDDSA implementation does not perform the required check if the signature proof(s) is within the bounds of the order n of the base point of the elliptic curve, leading to signature malleability. Namely, the `verify` function in `lib/elliptic/eddsa/index.js` omits `sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()` validation.\n\nThis vulnerability could have a security-relevant impact if an application relies on the uniqueness of a signature.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48949.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48949.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48949", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52876", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.529", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.5292", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52914", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48949" }, { "reference_url": "https://blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48949", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48949" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/indutny/elliptic", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indutny/elliptic" }, { "reference_url": "https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T20:20:12Z/" } ], "url": "https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281" }, { "reference_url": "https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T20:20:12Z/" } ], "url": "https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20241227-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20241227-0003" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317724", "reference_id": "2317724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317724" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48949", "reference_id": "CVE-2024-48949", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48949" }, { "reference_url": "https://github.com/advisories/GHSA-434g-2637-qmqr", "reference_id": "GHSA-434g-2637-qmqr", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-434g-2637-qmqr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10236", "reference_id": "RHSA-2024:10236", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6738", "reference_id": "RHSA-2024:6738", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6738" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6779", "reference_id": "RHSA-2024:6779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7994", "reference_id": "RHSA-2024:7994", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7994" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8351", "reference_id": "RHSA-2024:8351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8351" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8507", "reference_id": "RHSA-2024:8507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8533", "reference_id": "RHSA-2024:8533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8546", "reference_id": "RHSA-2024:8546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8974", "reference_id": "RHSA-2024:8974", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8974" }, { "reference_url": "https://blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof/", "reference_id": "we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T20:20:12Z/" } ], "url": "https://blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82922?format=api", "purl": "pkg:npm/elliptic@6.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sfb-9txp-c7av" }, { "vulnerability": "VCID-ew32-3yaw-hfgg" }, { "vulnerability": "VCID-k6en-3w8h-sygy" }, { "vulnerability": "VCID-naf1-wstu-budj" }, { "vulnerability": "VCID-p89g-d93c-ekfn" }, { "vulnerability": "VCID-t9fh-dydj-9bge" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/elliptic@6.5.6" } ], "aliases": [ "CVE-2024-48949", "GHSA-434g-2637-qmqr" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3rn2-srxp-p7bn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52852?format=api", "vulnerability_id": "VCID-bm4w-zre2-93fw", "summary": "Signature Malleabillity in elliptic\nThe Elliptic package before version 6.5.3 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13822.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13822.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13822", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61738", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61709", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61754", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61766", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61758", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13822" }, { "reference_url": "https://github.com/indutny/elliptic", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indutny/elliptic" }, { "reference_url": "https://github.com/indutny/elliptic/commit/856fe4d99fe7b6200556e6400b3bf585b1721bec", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indutny/elliptic/commit/856fe4d99fe7b6200556e6400b3bf585b1721bec" }, { "reference_url": "https://github.com/indutny/elliptic/issues/226", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indutny/elliptic/issues/226" }, { "reference_url": "https://medium.com/%40herman_10687/malleability-attack-why-it-matters-7b5f59fb99a4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://medium.com/%40herman_10687/malleability-attack-why-it-matters-7b5f59fb99a4" }, { "reference_url": "https://medium.com/@herman_10687/malleability-attack-why-it-matters-7b5f59fb99a4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://medium.com/@herman_10687/malleability-attack-why-it-matters-7b5f59fb99a4" }, { "reference_url": "https://www.npmjs.com/package/elliptic", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/package/elliptic" }, { "reference_url": "https://yondon.blog/2019/01/01/how-not-to-use-ecdsa", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://yondon.blog/2019/01/01/how-not-to-use-ecdsa" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848647", "reference_id": "1848647", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848647" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963149", "reference_id": "963149", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963149" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13822", "reference_id": "CVE-2020-13822", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13822" }, { "reference_url": "https://github.com/advisories/GHSA-vh7m-p724-62c2", "reference_id": "GHSA-vh7m-p724-62c2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vh7m-p724-62c2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4298", "reference_id": "RHSA-2020:4298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5533", "reference_id": "RHSA-2020:5533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5533" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77763?format=api", "purl": "pkg:npm/elliptic@6.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sfb-9txp-c7av" }, { "vulnerability": "VCID-3rn2-srxp-p7bn" }, { "vulnerability": "VCID-ew32-3yaw-hfgg" }, { "vulnerability": "VCID-gzma-2y74-9ucn" }, { "vulnerability": "VCID-k6en-3w8h-sygy" }, { "vulnerability": "VCID-naf1-wstu-budj" }, { "vulnerability": "VCID-p89g-d93c-ekfn" }, { "vulnerability": "VCID-t9fh-dydj-9bge" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/elliptic@6.5.3" } ], "aliases": [ "CVE-2020-13822", "GHSA-vh7m-p724-62c2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bm4w-zre2-93fw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49628?format=api", "vulnerability_id": "VCID-ew32-3yaw-hfgg", "summary": "Elliptic Uses a Cryptographic Primitive with a Risky Implementation\nThe ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 ) has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This happens, because the byte-length of 'k' is incorrectly computed, resulting in its getting truncated during the computation. Legitimate transactions or communications will be broken as a result. Furthermore, due to the nature of the fault, attackers could–under certain conditions–derive the secret key, if they could get their hands on both a faulty signature generated by a vulnerable version of Elliptic and a correct signature for the same inputs.\n\nThis issue affects all known versions of Elliptic (at the time of writing, versions less than or equal to 6.6.1).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14505.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14505.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14505", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01144", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02396", "published_at": "2026-06-05T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01057", "published_at": "2026-06-08T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01063", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14505" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14505", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14505" }, { "reference_url": "https://github.com/indutny/elliptic", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indutny/elliptic" }, { "reference_url": "https://github.com/indutny/elliptic/issues/321", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T21:22:47Z/" } ], "url": "https://github.com/indutny/elliptic/issues/321" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125180", "reference_id": "1125180", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125180" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428154", "reference_id": "2428154", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428154" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14505", "reference_id": "CVE-2025-14505", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14505" }, { "reference_url": "https://www.herodevs.com/vulnerability-directory/cve-2025-14505", "reference_id": "CVE-2025-14505", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T21:22:47Z/" } ], "url": "https://www.herodevs.com/vulnerability-directory/cve-2025-14505" }, { "reference_url": "https://github.com/advisories/GHSA-848j-6mx2-7j84", "reference_id": "GHSA-848j-6mx2-7j84", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-848j-6mx2-7j84" } ], "fixed_packages": [], "aliases": [ "CVE-2025-14505", "GHSA-848j-6mx2-7j84" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ew32-3yaw-hfgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54022?format=api", "vulnerability_id": "VCID-gzma-2y74-9ucn", "summary": "Use of a Broken or Risky Cryptographic Algorithm\nThe package elliptic is vulnerable to Cryptographic Issues via the secp256k1 implementation in `elliptic/ec/key.js`. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03935", "scoring_system": "epss", "scoring_elements": "0.8854", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03935", "scoring_system": "epss", "scoring_elements": "0.88559", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.03935", "scoring_system": "epss", "scoring_elements": "0.8856", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.03935", "scoring_system": "epss", "scoring_elements": "0.88558", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28498" }, { "reference_url": "https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md" }, { "reference_url": "https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f" }, { "reference_url": "https://github.com/indutny/elliptic/pull/244/commits", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indutny/elliptic/pull/244/commits" }, { "reference_url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1069836", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1069836" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899" }, { "reference_url": "https://www.npmjs.com/package/elliptic", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/package/elliptic" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28498", "reference_id": "CVE-2020-28498", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28498" }, { "reference_url": "https://github.com/advisories/GHSA-r9p9-mrjm-926w", "reference_id": "GHSA-r9p9-mrjm-926w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r9p9-mrjm-926w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79671?format=api", "purl": "pkg:npm/elliptic@6.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sfb-9txp-c7av" }, { "vulnerability": "VCID-3rn2-srxp-p7bn" }, { "vulnerability": "VCID-ew32-3yaw-hfgg" }, { "vulnerability": "VCID-k6en-3w8h-sygy" }, { "vulnerability": "VCID-naf1-wstu-budj" }, { "vulnerability": "VCID-p89g-d93c-ekfn" }, { "vulnerability": "VCID-t9fh-dydj-9bge" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/elliptic@6.5.4" } ], "aliases": [ "CVE-2020-28498", "GHSA-r9p9-mrjm-926w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gzma-2y74-9ucn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55619?format=api", "vulnerability_id": "VCID-k6en-3w8h-sygy", "summary": "Elliptic allows BER-encoded signatures\nIn the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42461.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42461.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42461", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02898", "scoring_system": "epss", "scoring_elements": "0.8661", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02898", "scoring_system": "epss", "scoring_elements": "0.8662", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02898", "scoring_system": "epss", "scoring_elements": "0.86624", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02898", "scoring_system": "epss", "scoring_elements": "0.86625", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42461" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42461", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42461" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/indutny/elliptic", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indutny/elliptic" }, { "reference_url": "https://github.com/indutny/elliptic/commit/accb61e9c1a005e5c8ff96a8b33893100bb42d11", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indutny/elliptic/commit/accb61e9c1a005e5c8ff96a8b33893100bb42d11" }, { "reference_url": "https://github.com/indutny/elliptic/pull/317", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-07T18:28:40Z/" } ], "url": "https://github.com/indutny/elliptic/pull/317" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20241004-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20241004-0005" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077821", "reference_id": "1077821", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077821" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302460", "reference_id": "2302460", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302460" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42461", "reference_id": "CVE-2024-42461", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42461" }, { "reference_url": "https://github.com/advisories/GHSA-49q7-c7j4-3p7m", "reference_id": "GHSA-49q7-c7j4-3p7m", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-49q7-c7j4-3p7m" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6209", "reference_id": "RHSA-2024:6209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6210", "reference_id": "RHSA-2024:6210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6738", "reference_id": "RHSA-2024:6738", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6738" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6779", "reference_id": "RHSA-2024:6779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7759", "reference_id": "RHSA-2024:7759", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7759" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7994", "reference_id": "RHSA-2024:7994", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7994" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8533", "reference_id": "RHSA-2024:8533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8546", "reference_id": "RHSA-2024:8546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8546" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82329?format=api", "purl": "pkg:npm/elliptic@6.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ew32-3yaw-hfgg" }, { "vulnerability": "VCID-naf1-wstu-budj" }, { "vulnerability": "VCID-p89g-d93c-ekfn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/elliptic@6.5.7" } ], "aliases": [ "CVE-2024-42461", "GHSA-49q7-c7j4-3p7m" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k6en-3w8h-sygy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56651?format=api", "vulnerability_id": "VCID-naf1-wstu-budj", "summary": "Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string)\nPrivate key can be extracted from ECDSA signature upon signing a malformed input (e.g. a string or a number), which could e.g. come from JSON network input\n\nNote that `elliptic` by design accepts hex strings as one of the possible input types", "references": [ { "reference_url": "https://github.com/indutny/elliptic", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indutny/elliptic" }, { "reference_url": "https://github.com/indutny/elliptic/commit/04cb6f54ce552b3ebde6be06d6050419e1c7333e", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indutny/elliptic/commit/04cb6f54ce552b3ebde6be06d6050419e1c7333e" }, { "reference_url": "https://github.com/advisories/GHSA-vjh7-7g9h-fjfh", "reference_id": "GHSA-vjh7-7g9h-fjfh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vjh7-7g9h-fjfh" }, { "reference_url": "https://github.com/indutny/elliptic/security/advisories/GHSA-vjh7-7g9h-fjfh", "reference_id": "GHSA-vjh7-7g9h-fjfh", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indutny/elliptic/security/advisories/GHSA-vjh7-7g9h-fjfh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73262?format=api", "purl": "pkg:npm/elliptic@6.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ew32-3yaw-hfgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/elliptic@6.6.1" } ], "aliases": [ "GHSA-vjh7-7g9h-fjfh" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-naf1-wstu-budj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56027?format=api", "vulnerability_id": "VCID-p89g-d93c-ekfn", "summary": "Valid ECDSA signatures erroneously rejected in Elliptic\nThe Elliptic prior to 6.6.0 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an _truncateToN anomaly. This leads to valid signatures being rejected. Legitimate transactions or communications may be incorrectly flagged as invalid.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48948.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48948.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48948", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36847", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36885", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36913", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.3692", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48948" }, { "reference_url": "https://blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48948", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48948" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/indutny/elliptic", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indutny/elliptic" }, { "reference_url": "https://github.com/indutny/elliptic/commit/34c853478cec1be4e37260ed2cb12cdbdc6402cf", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indutny/elliptic/commit/34c853478cec1be4e37260ed2cb12cdbdc6402cf" }, { "reference_url": "https://github.com/indutny/elliptic/issues/321", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T13:57:37Z/" } ], "url": "https://github.com/indutny/elliptic/issues/321" }, { "reference_url": "https://github.com/indutny/elliptic/pull/322", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T13:57:37Z/" } ], "url": "https://github.com/indutny/elliptic/pull/322" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20241220-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20241220-0004" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085298", "reference_id": "1085298", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318778", "reference_id": "2318778", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318778" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48948", "reference_id": "CVE-2024-48948", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48948" }, { "reference_url": "https://github.com/advisories/GHSA-fc9h-whq2-v747", "reference_id": "GHSA-fc9h-whq2-v747", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fc9h-whq2-v747" }, { "reference_url": "https://blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof/", "reference_id": "we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T13:57:37Z/" } ], "url": "https://blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82988?format=api", "purl": "pkg:npm/elliptic@6.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ew32-3yaw-hfgg" }, { "vulnerability": "VCID-naf1-wstu-budj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/elliptic@6.6.0" } ], "aliases": [ "CVE-2024-48948", "GHSA-fc9h-whq2-v747" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p89g-d93c-ekfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55618?format=api", "vulnerability_id": "VCID-t9fh-dydj-9bge", "summary": "Elliptic's ECDSA missing check for whether leading bit of r and s is zero\nIn the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42460.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42460.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42460", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.4755", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.4758", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47597", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47595", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42460" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42460" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/indutny/elliptic", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indutny/elliptic" }, { "reference_url": "https://github.com/indutny/elliptic/commit/accb61e9c1a005e5c8ff96a8b33893100bb42d11", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indutny/elliptic/commit/accb61e9c1a005e5c8ff96a8b33893100bb42d11" }, { "reference_url": "https://github.com/indutny/elliptic/commit/b6ff1758d9a6d1a7aec177ff6df9f586492a6315", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/indutny/elliptic/commit/b6ff1758d9a6d1a7aec177ff6df9f586492a6315" }, { "reference_url": "https://github.com/indutny/elliptic/pull/317", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-02T15:06:17Z/" } ], "url": "https://github.com/indutny/elliptic/pull/317" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20241004-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20241004-0005" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077821", "reference_id": "1077821", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077821" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302459", "reference_id": "2302459", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302459" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42460", "reference_id": "CVE-2024-42460", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42460" }, { "reference_url": "https://github.com/advisories/GHSA-977x-g7h5-7qgw", "reference_id": "GHSA-977x-g7h5-7qgw", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-977x-g7h5-7qgw" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6209", "reference_id": "RHSA-2024:6209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6210", "reference_id": "RHSA-2024:6210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6738", "reference_id": "RHSA-2024:6738", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6738" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6779", "reference_id": "RHSA-2024:6779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7759", "reference_id": "RHSA-2024:7759", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7759" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7994", "reference_id": "RHSA-2024:7994", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7994" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8533", "reference_id": "RHSA-2024:8533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8546", "reference_id": "RHSA-2024:8546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8546" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82329?format=api", "purl": "pkg:npm/elliptic@6.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ew32-3yaw-hfgg" }, { "vulnerability": "VCID-naf1-wstu-budj" }, { "vulnerability": "VCID-p89g-d93c-ekfn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/elliptic@6.5.7" } ], "aliases": [ "CVE-2024-42460", "GHSA-977x-g7h5-7qgw" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t9fh-dydj-9bge" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/elliptic@6.3.0" }