Secp256K1 Js
1 CVEs
product
Monthly
The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information Disclosure
Jwt Attack
Node.js
Secp256K1 Js
NVD
GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-41340
npm
EPSS 0%
CVSS 7.5
HIGH
PATCH
This Week
The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information Disclosure
Jwt Attack
Node.js
+1
NVD
GitHub