Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-wu1n-6amw-tfd3

Summary An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a usability problem. There are some threat models where an attacker can benefit by successfully guessing users for whom signature verification will fail.

Aliases

alias	CVE-2020-12607

alias	GHSA-56wv-2wr9-3h9r

alias	PYSEC-2020-42

Fixed_packages

url pkg:pypi/fastecdsa@2.1.2

purl pkg:pypi/fastecdsa@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@2.1.2

Affected_packages

url pkg:pypi/fastecdsa@1.0.0b1

purl pkg:pypi/fastecdsa@1.0.0b1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.0.0b1

url pkg:pypi/fastecdsa@1.0.1b1

purl pkg:pypi/fastecdsa@1.0.1b1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.0.1b1

url pkg:pypi/fastecdsa@1.0.1b2

purl pkg:pypi/fastecdsa@1.0.1b2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.0.1b2

url pkg:pypi/fastecdsa@1.0.1b3

purl pkg:pypi/fastecdsa@1.0.1b3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.0.1b3

url pkg:pypi/fastecdsa@1.0.1

purl pkg:pypi/fastecdsa@1.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.0.1

url pkg:pypi/fastecdsa@1.0.2

purl pkg:pypi/fastecdsa@1.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.0.2

url pkg:pypi/fastecdsa@1.0.3

purl pkg:pypi/fastecdsa@1.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.0.3

url pkg:pypi/fastecdsa@1.1.0

purl pkg:pypi/fastecdsa@1.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.1.0

url pkg:pypi/fastecdsa@1.1.1

purl pkg:pypi/fastecdsa@1.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.1.1

url pkg:pypi/fastecdsa@1.1.2

purl pkg:pypi/fastecdsa@1.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.1.2

url pkg:pypi/fastecdsa@1.1.3

purl pkg:pypi/fastecdsa@1.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.1.3

url pkg:pypi/fastecdsa@1.2.1

purl pkg:pypi/fastecdsa@1.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.2.1

url pkg:pypi/fastecdsa@1.3.1

purl pkg:pypi/fastecdsa@1.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.3.1

url pkg:pypi/fastecdsa@1.3.2

purl pkg:pypi/fastecdsa@1.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.3.2

url pkg:pypi/fastecdsa@1.4.1

purl pkg:pypi/fastecdsa@1.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.4.1

url pkg:pypi/fastecdsa@1.4.2

purl pkg:pypi/fastecdsa@1.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.4.2

url pkg:pypi/fastecdsa@1.4.3

purl pkg:pypi/fastecdsa@1.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.4.3

url pkg:pypi/fastecdsa@1.5.1

purl pkg:pypi/fastecdsa@1.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.5.1

url pkg:pypi/fastecdsa@1.5.2

purl pkg:pypi/fastecdsa@1.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.5.2

url pkg:pypi/fastecdsa@1.6.1

purl pkg:pypi/fastecdsa@1.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.6.1

url pkg:pypi/fastecdsa@1.6.2

purl pkg:pypi/fastecdsa@1.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.6.2

url pkg:pypi/fastecdsa@1.6.3

purl pkg:pypi/fastecdsa@1.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.6.3

url pkg:pypi/fastecdsa@1.6.4

purl pkg:pypi/fastecdsa@1.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.6.4

url pkg:pypi/fastecdsa@1.6.5

purl pkg:pypi/fastecdsa@1.6.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.6.5

url pkg:pypi/fastecdsa@1.7.0

purl pkg:pypi/fastecdsa@1.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.7.0

url pkg:pypi/fastecdsa@1.7.1

purl pkg:pypi/fastecdsa@1.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.7.1

url pkg:pypi/fastecdsa@1.7.2

purl pkg:pypi/fastecdsa@1.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.7.2

url pkg:pypi/fastecdsa@1.7.3

purl pkg:pypi/fastecdsa@1.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.7.3

url pkg:pypi/fastecdsa@1.7.4

purl pkg:pypi/fastecdsa@1.7.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.7.4

url pkg:pypi/fastecdsa@1.7.5

purl pkg:pypi/fastecdsa@1.7.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@1.7.5

url pkg:pypi/fastecdsa@2.0.0

purl pkg:pypi/fastecdsa@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@2.0.0

url pkg:pypi/fastecdsa@2.1.0

purl pkg:pypi/fastecdsa@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@2.1.0

url pkg:pypi/fastecdsa@2.1.1

purl pkg:pypi/fastecdsa@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8nfq-s4yw-5yab

vulnerability	VCID-wu1n-6amw-tfd3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fastecdsa@2.1.1

References

reference_url	https://github.com/advisories/GHSA-56wv-2wr9-3h9r
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-56wv-2wr9-3h9r

reference_url	https://github.com/AntonKueltz/fastecdsa
reference_id
reference_type
scores
url	https://github.com/AntonKueltz/fastecdsa

reference_url	https://github.com/AntonKueltz/fastecdsa/commit/4a16daeaf139be20654ef58a9fe4c79dc030458c
reference_id
reference_type
scores
url	https://github.com/AntonKueltz/fastecdsa/commit/4a16daeaf139be20654ef58a9fe4c79dc030458c

reference_url	https://github.com/AntonKueltz/fastecdsa/commit/7b64e3efaa806b4daaf73bb5172af3581812f8de
reference_id
reference_type
scores
url	https://github.com/AntonKueltz/fastecdsa/commit/7b64e3efaa806b4daaf73bb5172af3581812f8de

reference_url	https://github.com/AntonKueltz/fastecdsa/commit/e592f106edd5acf6dacedfab2ad16fe6c735c9d1
reference_id
reference_type
scores
url	https://github.com/AntonKueltz/fastecdsa/commit/e592f106edd5acf6dacedfab2ad16fe6c735c9d1

reference_url	https://github.com/AntonKueltz/fastecdsa/issues/52
reference_id
reference_type
scores
url	https://github.com/AntonKueltz/fastecdsa/issues/52

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/fastecdsa/PYSEC-2020-42.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/fastecdsa/PYSEC-2020-42.yaml

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-12607
reference_id	CVE-2020-12607
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-12607

Weaknesses

cwe_id	347
name	Improper Verification of Cryptographic Signature
description	The product does not verify, or incorrectly verifies, the cryptographic signature for data.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wu1n-6amw-tfd3

Vulnerability Instance