Home > Vulnerability Database > WS-2019-0424

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

WS-2019-0424

Good to know:

Date: November 13, 2019

all versions before 6.5.2 of elliptic are vulnerable to Timing Attack through side-channels.

Language: Java

Severity Score

7.5

Related Resources (2)

Url: https://github.com/indutny/elliptic/commit/ec735edde187a43693197f6fa3667ceade751a3a

Url: https://www.mend.io/vulnerability-database/WS-2019-0424

Severity Score

7.5

Weakness Type (CWE)

Observable Timing Discrepancy

CWE-208

Top Fix

Upgrade Version

Upgrade to version richardtmiles/carbonphp - dev-dependabot/npm_and_yarn/view/assets/react/terser-4.8.1;richardtmiles/carbonphp - 1.0.1;richardtmiles/carbonphp - dev-always_send_request_body;richardtmiles/carbonphp - dev-feature/serialized_db_fix;richardtmiles/carbonphp - 5.0.0;richardtmiles/carbonphp - dev-RestUpdate_PrimaryKeyValidation;richardtmiles/carbonphp - dev-dependabot/npm_and_yarn/crypto-js-4.2.0;dotnetng.template - 1.0.0.4;OctoWeb01 - no_fix;moxie-dom - 0.1.1-alpha.0;meesy/shopavel - dev-dependabot/npm_and_yarn/dns-packet-1.3.4;meesy/shopavel - dev-dependabot/npm_and_yarn/ansi-regex-5.0.1;meesy/shopavel - dev-dependabot/npm_and_yarn/color-string-1.6.0;meesy/shopavel - dev-add-code-of-conduct-1;meesy/shopavel - dev-master;meesy/shopavel - dev-dependabot/npm_and_yarn/axios-0.21.2;meesy/shopavel - dev-dependabot/composer/laravel/framework-8.40.0;Fable.Library.Template - no_fix;postboxcms/postbox - dev-dependabot/npm_and_yarn/url-parse-1.5.10;postboxcms/postbox - dev-feature/ISSUE-39;postboxcms/postbox - dev-dependabot/npm_and_yarn/browserslist-4.16.6;postboxcms/postbox - dev-package/dbo;postboxcms/postbox - dev-sanketraut-patch-1;postboxcms/postbox - dev-dependabot/npm_and_yarn/ws-6.2.2;doccano - 1.4.1;horizon/description - no_fix;horizon/description - dev-dependabot/npm_and_yarn/axios-0.21.1;oburatongoi/productivity - 0.0.13;oburatongoi/productivity - no_fix;oburatongoi/productivity - 0.0.1;elegantweb/laravel-admin - 1.0.0;elegantweb/laravel-admin - dev-dependabot/npm_and_yarn/public/components/admin-lte/ini-1.3.8;elegantweb/laravel-admin - dev-dependabot/npm_and_yarn/public/components/browserify-zlib/tar-2.2.2;elegantweb/laravel-admin - no_fix;elegantweb/laravel-admin - dev-dependabot/npm_and_yarn/public/components/admin-lte/datatables.net-1.10.22;elegantweb/laravel-admin - v2.0.3;elegantweb/laravel-admin - v1.1.2;elegantweb/laravel-admin - v1.0.2;elegantweb/laravel-admin - no_fix;elegantweb/laravel-admin - v3.0.0;Romano.Vue - 1.0.1;devsfort/fortblog - no_fix;miljoen/nova-autofill - no_fix;miljoen/nova-autofill - v1.0.0;electrscash - 1.1.1;rotary/rotary_bs4 - no_fix;mayronalves/laravel-core - dev-dependabot/composer/symfony/mime-4.4.1;novum/innovation-app-core - dev-temp-commit;timoetting/kirby-builder - v2.0.3;timoetting/kirby-builder - v2.0.2;timoetting/kirby-builder - v2.0.0;chrisbraybrooke/laravel-ecommerce - 0.0.17;chrisbraybrooke/laravel-ecommerce - 0.0.2;chrisbraybrooke/laravel-ecommerce - 0.0.56;chrisbraybrooke/laravel-ecommerce - dev-form-field-key;sergiosgc/jsonschema-form - no_fix;sergiosgc/jsonschema-form - dev-dependabot/npm_and_yarn/js/elliptic-6.5.3;sergiosgc/jsonschema-form - dev-dependabot/npm_and_yarn/js/webpack-5.94.0;bizprove/canvas - v1.0;VueTemplate - no_fix;narirock/marrs-catalog - no_fix;rustimate-client - no_fix;jupyterlab-nvdashboard - 0.5.0;Indianadavy.VueJsWebAPITemplate.CSharp - 1.0.1;ejin/like-counter - no_fix;ejin/like-counter - v0.1.0;genenotebook - 0.3.0;trezebits/trezevel-gallery - no_fix;Fable.Template.Elmish.React - 0.1.6;kayrules/solatjakim-api-site - dev-version-1.0;aimensasi/inquiry-module - no_fix;NorDroN.AngularTemplate - 0.1.6;CoreVueWebTest - 3.0.101;flexxia/flexprimeng - dev-dependabot/npm_and_yarn/css/postcss/ini-1.3.8;flexxia/flexprimeng - dev-dependabot/npm_and_yarn/css/postcss/y18n-3.2.2;flexxia/flexprimeng - dev-dependabot/npm_and_yarn/css/postcss/path-parse-1.0.7;flexxia/flexprimeng - dev-dependabot/npm_and_yarn/css/postcss/browserslist-4.17.0;zymawy/ironside-core - dev-utils;carbonorm/carbonphp - dev-dependabot/npm_and_yarn/crypto-js-4.2.0;carbonorm/carbonphp - 5.0.0;jsdom - 11.11.0;Sheelersoft.AngularTemplate - no_fix;deltasystems/dewdrop - dev-hotfix-check-href;contentasaurus/c-rex-admin - v1.0.1;contentasaurus/c-rex-admin - v1.0.7;pwptemplatepusintek - no_fix;GR.PageRender.Razor - 1.8.0;mahlamusa/material-php - 1.0.0;spyder-terminal - 1.0.0;elliptic - 6.5.3;gheb/nn - dev-master;Sheeler.AngularTemplate - no_fix;PWPTemplateCMS - no_fix;VueJS.NetCore - 1.1.1;emolinablas/laravel-vue-crud - 1.0.1;MIDIator.WebClient - 1.0.105;make-sense - no_fix;ilhanet/erpnet-widget-resource - no_fix;apothan/open-tour-website - dev-master;org.webjars.npm:elliptic:6.5.4;org.webjars.npm:github-com-openpgpjs-elliptic:no_fix

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2019-0424

Good to know:

Date: November 13, 2019

Language: Java

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?