Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40bsv/sdk@1.3.4
Type npm
Namespace @bsv
Name sdk
Version 1.3.4
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.0.0
Latest_non_vulnerable_version 2.0.0
Affected_by_vulnerabilities
0
url VCID-h4rh-6qqx-v3cc
vulnerability_id VCID-h4rh-6qqx-v3cc
summary The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature incompatibility between SDK implementations and potential authentication bypass scenarios. The vulnerability was located in the `Peer.ts` file of the TypeScript SDK, specifically in the `processInitialRequest` and `processInitialResponse` methods where signature data is prepared for BRC-104 mutual authentication. The TypeScript SDK incorrectly prepared signature data by concatenating base64-encoded nonce strings (`message.initialNonce + sessionNonce`) then decoding the concatenated base64 string (`base64ToBytes(concatenatedString)`). This produced ~32-34 bytes of signature data instead of the correct 64 bytes. BRC-104 authentication relies on cryptographic signatures to establish mutual trust between peers. When signature data preparation is incorrect, signatures generated by the TypeScript SDK don't match those expected by Go/Python SDKs; cross-implementation authentication fails; and an attacker could potentially exploit this to bypass authentication checks. The fix in version 2.0.0 ensures all SDKs now produce identical cryptographic signatures, restoring proper mutual authentication across implementations.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69287
reference_id
reference_type
scores
0
value 0.00083
scoring_system epss
scoring_elements 0.24499
published_at 2026-06-14T12:55:00Z
1
value 0.00083
scoring_system epss
scoring_elements 0.24505
published_at 2026-06-12T12:55:00Z
2
value 0.00083
scoring_system epss
scoring_elements 0.24311
published_at 2026-06-11T12:55:00Z
3
value 0.00083
scoring_system epss
scoring_elements 0.24515
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69287
1
reference_url https://github.com/bsv-blockchain/ts-sdk
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bsv-blockchain/ts-sdk
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69287
reference_id CVE-2025-69287
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69287
3
reference_url https://github.com/bsv-blockchain/ts-sdk/commit/d8cf6930028372079d977138ae9eaa03ae2f50bb
reference_id d8cf6930028372079d977138ae9eaa03ae2f50bb
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:26:20Z/
url https://github.com/bsv-blockchain/ts-sdk/commit/d8cf6930028372079d977138ae9eaa03ae2f50bb
4
reference_url https://github.com/advisories/GHSA-vjpq-xx5g-qvmm
reference_id GHSA-vjpq-xx5g-qvmm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vjpq-xx5g-qvmm
5
reference_url https://github.com/bsv-blockchain/ts-sdk/security/advisories/GHSA-vjpq-xx5g-qvmm
reference_id GHSA-vjpq-xx5g-qvmm
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T19:26:20Z/
url https://github.com/bsv-blockchain/ts-sdk/security/advisories/GHSA-vjpq-xx5g-qvmm
fixed_packages
0
url pkg:npm/%40bsv/sdk@2.0.0
purl pkg:npm/%40bsv/sdk@2.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540bsv/sdk@2.0.0
aliases CVE-2025-69287, GHSA-vjpq-xx5g-qvmm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4rh-6qqx-v3cc
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540bsv/sdk@1.3.4