Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/starkbank-ecdsa@0.1.5
Typepypi
Namespace
Namestarkbank-ecdsa
Version0.1.5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.0.1
Latest_non_vulnerable_version2.0.1
Affected_by_vulnerabilities
0
url VCID-e9pe-mbyf-c3ft
vulnerability_id VCID-e9pe-mbyf-c3ft
summary 
Signature verification vulnerability in Stark Bank ecdsa libraries
An attacker can forge signatures on arbitrary messages that will verify for any public key. This may allow attackers to authenticate as any user within the Stark Bank platform, and bypass signature verification needed to perform operations on the platform, such as send payments and transfer funds. Additionally, the ability for attackers to forge signatures may impact other users and projects using these libraries in different and unforeseen ways.
references
0
reference_url https://github.com/starkbank/ecdsa-dotnet
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/starkbank/ecdsa-dotnet
1
reference_url https://github.com/starkbank/ecdsa-java
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/starkbank/ecdsa-java
2
reference_url https://github.com/starkbank/ecdsa-node
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/starkbank/ecdsa-node
3
reference_url https://github.com/starkbank/ecdsa-python
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/starkbank/ecdsa-python
4
reference_url https://github.com/starkbank/ecdsa-python/commit/d136170666e9510eb63c2572551805807bd4c17f
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/starkbank/ecdsa-python/commit/d136170666e9510eb63c2572551805807bd4c17f
5
reference_url https://github.com/starkbank/ecdsa-python/compare/v2.0.0...v2.0.1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/starkbank/ecdsa-python/compare/v2.0.0...v2.0.1
6
reference_url https://github.com/starkbank/ecdsa-python/releases/tag/v2.0.1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/starkbank/ecdsa-python/releases/tag/v2.0.1
7
reference_url https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries
8
reference_url https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/
reference_id
reference_type
scores
url https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/
9
reference_url https://github.com/advisories/GHSA-9wx7-jrvc-28mm
reference_id GHSA-9wx7-jrvc-28mm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9wx7-jrvc-28mm
fixed_packages
0
url pkg:pypi/starkbank-ecdsa@2.0.1
purl pkg:pypi/starkbank-ecdsa@2.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/starkbank-ecdsa@2.0.1
aliases GHSA-9wx7-jrvc-28mm, GMS-2021-165, GMS-2021-170, GMS-2021-43, GMS-2021-62
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e9pe-mbyf-c3ft
1
url VCID-wnuz-sw5s-wbdd
vulnerability_id VCID-wnuz-sw5s-wbdd
summary Improper Verification of Cryptographic Signature in starkbank-ecdsa
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43572
reference_id
reference_type
scores
0
value 0.00241
scoring_system epss
scoring_elements 0.47764
published_at 2026-06-12T12:55:00Z
1
value 0.00241
scoring_system epss
scoring_elements 0.47624
published_at 2026-06-11T12:55:00Z
2
value 0.00241
scoring_system epss
scoring_elements 0.4776
published_at 2026-06-14T12:55:00Z
3
value 0.00241
scoring_system epss
scoring_elements 0.4778
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43572
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/starkbank-ecdsa/PYSEC-2021-426.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/starkbank-ecdsa/PYSEC-2021-426.yaml
2
reference_url https://github.com/starkbank/ecdsa-python
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/starkbank/ecdsa-python
3
reference_url https://github.com/starkbank/ecdsa-python/commit/d136170666e9510eb63c2572551805807bd4c17f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/starkbank/ecdsa-python/commit/d136170666e9510eb63c2572551805807bd4c17f
4
reference_url https://github.com/starkbank/ecdsa-python/releases/tag/v2.0.1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/starkbank/ecdsa-python/releases/tag/v2.0.1
5
reference_url https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries
6
reference_url https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/
reference_id
reference_type
scores
url https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-43572
reference_id CVE-2021-43572
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-43572
8
reference_url https://github.com/advisories/GHSA-92vm-mxjf-jqf3
reference_id GHSA-92vm-mxjf-jqf3
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-92vm-mxjf-jqf3
fixed_packages
0
url pkg:pypi/starkbank-ecdsa@2.0.1
purl pkg:pypi/starkbank-ecdsa@2.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/starkbank-ecdsa@2.0.1
aliases CVE-2021-43572, GHSA-92vm-mxjf-jqf3, PYSEC-2021-426
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wnuz-sw5s-wbdd
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/starkbank-ecdsa@0.1.5