{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56040?format=json","vulnerability_id":"VCID-3tzp-z1xy-6bch","summary":"secp256k1-node allows private key extraction over ECDH\nIn `elliptic`-based version, `loadUncompressedPublicKey` has a check that the public key is on the curve: https://github.com/cryptocoinjs/secp256k1-node/blob/6d3474b81d073cc9c8cc8cfadb580c84f8df5248/lib/elliptic.js#L37-L39\n\n`loadCompressedPublicKey` is, however, missing that check: https://github.com/cryptocoinjs/secp256k1-node/blob/6d3474b81d073cc9c8cc8cfadb580c84f8df5248/lib/elliptic.js#L17-L19\n\nThat allows the attacker to use public keys on low-cardinality curves to extract enough information to fully restore the private key from as little as 11 ECDH sessions, and very cheaply on compute power\n\nOther operations on public keys are also affected, including e.g. `publicKeyVerify()` incorrectly returning `true` on those invalid keys, and e.g. `publicKeyTweakMul()` also returning predictable outcomes allowing to restore the tweak","aliases":[{"alias":"CVE-2024-48930"},{"alias":"GHSA-584q-6j8j-r5pm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83014?format=json","purl":"pkg:npm/secp256k1@3.8.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@3.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/83013?format=json","purl":"pkg:npm/secp256k1@4.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@4.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/83012?format=json","purl":"pkg:npm/secp256k1@5.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@5.0.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/775441?format=json","purl":"pkg:npm/secp256k1@0.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@0.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/775442?format=json","purl":"pkg:npm/secp256k1@0.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@0.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/775443?format=json","purl":"pkg:npm/secp256k1@0.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@0.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/775444?format=json","purl":"pkg:npm/secp256k1@0.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@0.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/775445?format=json","purl":"pkg:npm/secp256k1@0.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@0.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/775446?format=json","purl":"pkg:npm/secp256k1@0.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@0.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/775447?format=json","purl":"pkg:npm/secp256k1@0.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@0.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/775448?format=json","purl":"pkg:npm/secp256k1@0.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@0.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/775449?format=json","purl":"pkg:npm/secp256k1@0.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@0.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/775450?format=json","purl":"pkg:npm/secp256k1@0.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@0.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/775451?format=json","purl":"pkg:npm/secp256k1@0.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@0.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/775452?format=json","purl":"pkg:npm/secp256k1@0.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@0.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/775453?format=json","purl":"pkg:npm/secp256k1@0.0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@0.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/775454?format=json","purl":"pkg:npm/secp256k1@0.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@0.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/775455?format=json","purl":"pkg:npm/secp256k1@0.0.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@0.0.15"},{"url":"http://public2.vulnerablecode.io/api/packages/775456?format=json","purl":"pkg:npm/secp256k1@0.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@0.0.16"},{"url":"http://public2.vulnerablecode.io/api/packages/775457?format=json","purl":"pkg:npm/secp256k1@0.0.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@0.0.17"},{"url":"http://public2.vulnerablecode.io/api/packages/775458?format=json","purl":"pkg:npm/secp256k1@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@1.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/775459?format=json","purl":"pkg:npm/secp256k1@1.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@1.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/775460?format=json","purl":"pkg:npm/secp256k1@1.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@1.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/775461?format=json","purl":"pkg:npm/secp256k1@1.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@1.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/775462?format=json","purl":"pkg:npm/secp256k1@1.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@1.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/775463?format=json","purl":"pkg:npm/secp256k1@1.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@1.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/775464?format=json","purl":"pkg:npm/secp256k1@1.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@1.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/775465?format=json","purl":"pkg:npm/secp256k1@1.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@1.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/775466?format=json","purl":"pkg:npm/secp256k1@1.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@1.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/775467?format=json","purl":"pkg:npm/secp256k1@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@2.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/775468?format=json","purl":"pkg:npm/secp256k1@2.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@2.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/775469?format=json","purl":"pkg:npm/secp256k1@2.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@2.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/775470?format=json","purl":"pkg:npm/secp256k1@2.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@2.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/775471?format=json","purl":"pkg:npm/secp256k1@2.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@2.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/775472?format=json","purl":"pkg:npm/secp256k1@2.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@2.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/775473?format=json","purl":"pkg:npm/secp256k1@2.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@2.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/775474?format=json","purl":"pkg:npm/secp256k1@2.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@2.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/775475?format=json","purl":"pkg:npm/secp256k1@2.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@2.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/775476?format=json","purl":"pkg:npm/secp256k1@2.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@2.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/775477?format=json","purl":"pkg:npm/secp256k1@2.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@2.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/775478?format=json","purl":"pkg:npm/secp256k1@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@3.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/775479?format=json","purl":"pkg:npm/secp256k1@3.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@3.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/775480?format=json","purl":"pkg:npm/secp256k1@3.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@3.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/775481?format=json","purl":"pkg:npm/secp256k1@3.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@3.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/775482?format=json","purl":"pkg:npm/secp256k1@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@3.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/775483?format=json","purl":"pkg:npm/secp256k1@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@3.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/775484?format=json","purl":"pkg:npm/secp256k1@3.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@3.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/775485?format=json","purl":"pkg:npm/secp256k1@3.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@3.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/775486?format=json","purl":"pkg:npm/secp256k1@3.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@3.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/775487?format=json","purl":"pkg:npm/secp256k1@3.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@3.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/775488?format=json","purl":"pkg:npm/secp256k1@3.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@3.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/775489?format=json","purl":"pkg:npm/secp256k1@3.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@3.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/775490?format=json","purl":"pkg:npm/secp256k1@3.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@3.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/775491?format=json","purl":"pkg:npm/secp256k1@3.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@3.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/775492?format=json","purl":"pkg:npm/secp256k1@3.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@3.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/775493?format=json","purl":"pkg:npm/secp256k1@3.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@3.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/775494?format=json","purl":"pkg:npm/secp256k1@3.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@3.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/83010?format=json","purl":"pkg:npm/secp256k1@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@4.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/775495?format=json","purl":"pkg:npm/secp256k1@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@4.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/775496?format=json","purl":"pkg:npm/secp256k1@4.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@4.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/775497?format=json","purl":"pkg:npm/secp256k1@4.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@4.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/83011?format=json","purl":"pkg:npm/secp256k1@5.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3tzp-z1xy-6bch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/secp256k1@5.0.0"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48930","reference_id":"","reference_type":"","scores":[{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44347","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44306","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44294","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44331","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44355","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-48930"},{"reference_url":"https://github.com/cryptocoinjs/secp256k1-node","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cryptocoinjs/secp256k1-node"},{"reference_url":"https://github.com/cryptocoinjs/secp256k1-node/blob/6d3474b81d073cc9c8cc8cfadb580c84f8df5248/lib/elliptic.js#L17-L19","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:36:50Z/"}],"url":"https://github.com/cryptocoinjs/secp256k1-node/blob/6d3474b81d073cc9c8cc8cfadb580c84f8df5248/lib/elliptic.js#L17-L19"},{"reference_url":"https://github.com/cryptocoinjs/secp256k1-node/blob/6d3474b81d073cc9c8cc8cfadb580c84f8df5248/lib/elliptic.js#L37-L39","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:36:50Z/"}],"url":"https://github.com/cryptocoinjs/secp256k1-node/blob/6d3474b81d073cc9c8cc8cfadb580c84f8df5248/lib/elliptic.js#L37-L39"},{"reference_url":"https://github.com/cryptocoinjs/secp256k1-node/commit/8bd6446e000fa59df3cda0ae3e424300747ea5ed","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:36:50Z/"}],"url":"https://github.com/cryptocoinjs/secp256k1-node/commit/8bd6446e000fa59df3cda0ae3e424300747ea5ed"},{"reference_url":"https://github.com/cryptocoinjs/secp256k1-node/commit/9a15fff274f83a6ec7f675f1121babcc0c42292f","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:36:50Z/"}],"url":"https://github.com/cryptocoinjs/secp256k1-node/commit/9a15fff274f83a6ec7f675f1121babcc0c42292f"},{"reference_url":"https://github.com/cryptocoinjs/secp256k1-node/commit/e256905ee649a7caacc251f7c964667195a52221","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:36:50Z/"}],"url":"https://github.com/cryptocoinjs/secp256k1-node/commit/e256905ee649a7caacc251f7c964667195a52221"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48930","reference_id":"CVE-2024-48930","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48930"},{"reference_url":"https://github.com/advisories/GHSA-584q-6j8j-r5pm","reference_id":"GHSA-584q-6j8j-r5pm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-584q-6j8j-r5pm"},{"reference_url":"https://github.com/cryptocoinjs/secp256k1-node/security/advisories/GHSA-584q-6j8j-r5pm","reference_id":"GHSA-584q-6j8j-r5pm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-21T16:36:50Z/"}],"url":"https://github.com/cryptocoinjs/secp256k1-node/security/advisories/GHSA-584q-6j8j-r5pm"}],"weaknesses":[{"cwe_id":200,"name":"Exposure of Sensitive Information to an Unauthorized Actor","description":"The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information."},{"cwe_id":354,"name":"Improper Validation of Integrity Check Value","description":"The product does not validate or incorrectly validates the integrity check values or checksums of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3tzp-z1xy-6bch"}