WS-2019-0427 | Mend Vulnerability Database

Vulnerability DatabaseWS-2019-0427

WS-2019-0427

Published:May 19, 2026

Updated:May 20, 2026

The function getNAF() in elliptic library has information leakage. This issue is mitigated in version 6.5.2

Affected Packages

elliptic (CDN_JS):

Affected version(s) >=6.3.1 <6.5.2

Fix Suggestion:

Update to version 6.5.2

genenotebook (CONDA):

Affected version(s) >=0.1.1 <0.3.0

Fix Suggestion:

Update to version 0.3.0

jsdom (CONDA):

Affected version(s) =11.0.0 <11.11.0

Fix Suggestion:

Update to version 11.11.0

elliptic (NPM):

Affected version(s) >=0.1.0 <6.5.2

Fix Suggestion:

Update to version 6.5.2

fable.template.elmish.react (NUGET):

Affected version(s) =0.1.5 <0.1.6

Fix Suggestion:

Update to version 0.1.6

nordron.angulartemplate (NUGET):

Affected version(s) =0.1.5 <0.1.6

Fix Suggestion:

Update to version 0.1.6

indianadavy.vuejswebapitemplate.csharp (NUGET):

Affected version(s) =1.0.0 <1.0.1

Fix Suggestion:

Update to version 1.0.1

sheeler.angulartemplate (NUGET):

Affected version(s) =0.0.1

Fix Suggestion:

Update to version no_fix

pwptemplatepusintek (NUGET):

Affected version(s) =0.0.1

Fix Suggestion:

Update to version no_fix

vuetemplate (NUGET):

Affected version(s) =0.1.0

Fix Suggestion:

Update to version no_fix

romano.vue (NUGET):

Affected version(s) =1.0.0 <1.0.1

Fix Suggestion:

Update to version 1.0.1

sheelersoft.angulartemplate (NUGET):

Affected version(s) >=0.0.1 <=0.0.2

Fix Suggestion:

Update to version no_fix

dotnetng.template (NUGET):

Affected version(s) >=1.0.0.1 <1.0.0.4

Fix Suggestion:

Update to version 1.0.0.4

corevuewebtest (NUGET):

Affected version(s) =3.0.100 <3.0.101

Fix Suggestion:

Update to version 3.0.101

pwptemplatecms (NUGET):

Affected version(s) >=0.0.1 <=0.0.2

Fix Suggestion:

Update to version no_fix

fable.library.template (NUGET):

Affected version(s) >=0.1.0-alpha002 <=0.1.0-alpha003

Fix Suggestion:

Update to version no_fix

midiator.webclient (NUGET):

Affected version(s) >=1.0.98 <1.0.105

Fix Suggestion:

Update to version 1.0.105

elegantweb/laravel-admin (PHP):

Affected version(s) >=1.0.x-dev <v1.0.2

Fix Suggestion:

Update to version v1.0.2

oburatongoi/productivity (PHP):

Affected version(s) >=0.0.9 <0.0.13

Fix Suggestion:

Update to version 0.0.13

oburatongoi/productivity (PHP):

Affected version(s) =dev-master <0.0.1

Fix Suggestion:

Update to version 0.0.1

elegantweb/laravel-admin (PHP):

Affected version(s) >=v2.0.0 <v2.0.3

Fix Suggestion:

Update to version v2.0.3

timoetting/kirby-builder (PHP):

Affected version(s) =2.0.0 <v2.0.0

Fix Suggestion:

Update to version v2.0.0

chrisbraybrooke/laravel-ecommerce (PHP):

Affected version(s) =0.0.1 <0.0.2

Fix Suggestion:

Update to version 0.0.2

deltasystems/dewdrop (PHP):

Affected version(s) =dev-feature/webpack <dev-hotfix-check-href

Fix Suggestion:

Update to version dev-hotfix-check-href

mayronalves/laravel-core (PHP):

Affected version(s) >=v1.0.0 <dev-dependabot/composer/symfony/mime-4.4.1

Fix Suggestion:

Update to version dev-dependabot/composer/symfony/mime-4.4.1

richardtmiles/carbonphp (PHP):

Affected version(s) >=4.0.0 <dev-dependabot/npm_and_yarn/crypto-js-4.2.0

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/crypto-js-4.2.0

postboxcms/postbox (PHP):

Affected version(s) >=dev-dependabot/npm_and_yarn/url-parse-1.5.3 <dev-dependabot/npm_and_yarn/url-parse-1.5.10

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/url-parse-1.5.10

timoetting/kirby-builder (PHP):

Affected version(s) =2.0.2 <v2.0.2

Fix Suggestion:

Update to version v2.0.2

richardtmiles/carbonphp (PHP):

Affected version(s) =dev-RichardTMiles-patch-1 <1.0.1

Fix Suggestion:

Update to version 1.0.1

elegantweb/laravel-admin (PHP):

Affected version(s) >=v1.0.3 <v1.1.2

Fix Suggestion:

Update to version v1.1.2

richardtmiles/carbonphp (PHP):

Affected version(s) =dev-StatsCoach <dev-always_send_request_body

Fix Suggestion:

Update to version dev-always_send_request_body

postboxcms/postbox (PHP):

Affected version(s) =dev-dependabot/npm_and_yarn/axios-0.21.1 <dev-sanketraut-patch-1

Fix Suggestion:

Update to version dev-sanketraut-patch-1

postboxcms/postbox (PHP):

Affected version(s) >=dev-dependabot/npm_and_yarn/elliptic-6.5.4 <dev-feature/ISSUE-39

Fix Suggestion:

Update to version dev-feature/ISSUE-39

postboxcms/postbox (PHP):

Affected version(s) >=dev-dependabot/composer/symfony/http-foundation-4.4.8 <dev-dependabot/npm_and_yarn/browserslist-4.16.6

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/browserslist-4.16.6

kayrules/solatjakim-api-site (PHP):

Affected version(s) =dev-master <dev-version-1.0

Fix Suggestion:

Update to version dev-version-1.0

ilhanet/erpnet-widget-resource (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

flexxia/flexprimeng (PHP):

Affected version(s) =dev-anguarJs-v7 <dev-dependabot/npm_and_yarn/css/postcss/y18n-3.2.2

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/css/postcss/y18n-3.2.2

carbonorm/carbonphp (PHP):

Affected version(s) >=4.5.0 <5.0.0

Fix Suggestion:

Update to version 5.0.0

trezebits/trezevel-gallery (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

elegantweb/laravel-admin (PHP):

Affected version(s) =dev-dependabot/npm_and_yarn/public/components/admin-lte/chart.js-2.9.4 <dev-dependabot/npm_and_yarn/public/components/admin-lte/datatables.net-1.10.22

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/public/components/admin-lte/datatables.net-1.10.22

contentasaurus/c-rex-admin (PHP):

Affected version(s) =v1.0.0 <v1.0.1

Fix Suggestion:

Update to version v1.0.1

oburatongoi/productivity (PHP):

Affected version(s) >=0.1.0 <=0.4.45

Fix Suggestion:

Update to version no_fix

elegantweb/laravel-admin (PHP):

Affected version(s) >=v2.0.4 <dev-dependabot/npm_and_yarn/public/components/browserify-zlib/tar-2.2.2

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/public/components/browserify-zlib/tar-2.2.2

gheb/nn (PHP):

Affected version(s) =dev-installed-example <dev-master

Fix Suggestion:

Update to version dev-master

sergiosgc/jsonschema-form (PHP):

Affected version(s) >=dev-dependabot/npm_and_yarn/js/elliptic-6.5.4 <=dev-dependabot/npm_and_yarn/js/y18n-4.0.1

Fix Suggestion:

Update to version no_fix

zymawy/ironside-core (PHP):

Affected version(s) =dev-master <dev-utils

Fix Suggestion:

Update to version dev-utils

postboxcms/postbox (PHP):

Affected version(s) =dev-dependabot/npm_and_yarn/ssri-6.0.2 <dev-dependabot/npm_and_yarn/ws-6.2.2

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/ws-6.2.2

carbonorm/carbonphp (PHP):

Affected version(s) >=4.0.0 <dev-dependabot/npm_and_yarn/crypto-js-4.2.0

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/crypto-js-4.2.0

devsfort/fortblog (PHP):

Affected version(s) >=dev-dev <=1.0.1

Fix Suggestion:

Update to version no_fix

postboxcms/postbox (PHP):

Affected version(s) =dev-master <dev-package/dbo

Fix Suggestion:

Update to version dev-package/dbo

timoetting/kirby-builder (PHP):

Affected version(s) =2.0.3 <v2.0.3

Fix Suggestion:

Update to version v2.0.3

flexxia/flexprimeng (PHP):

Affected version(s) >=dev-dev-demo-primeng-chart <dev-update-angularjs

Fix Suggestion:

Update to version dev-update-angularjs

richardtmiles/carbonphp (PHP):

Affected version(s) =4.9.0 <5.0.0

Fix Suggestion:

Update to version 5.0.0

elegantweb/laravel-admin (PHP):

Affected version(s) =dev-master <1.0.0

Fix Suggestion:

Update to version 1.0.0

contentasaurus/c-rex-admin (PHP):

Affected version(s) >=v1.0.2 <v1.0.7

Fix Suggestion:

Update to version v1.0.7

richardtmiles/carbonphp (PHP):

Affected version(s) =4.5.0 <dev-dependabot/npm_and_yarn/view/assets/react/terser-4.8.1

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/view/assets/react/terser-4.8.1

chrisbraybrooke/laravel-ecommerce (PHP):

Affected version(s) >=0.0.4 <0.0.17

Fix Suggestion:

Update to version 0.0.17

richardtmiles/carbonphp (PHP):

Affected version(s) =dev-Reacting <dev-RestUpdate_PrimaryKeyValidation

Fix Suggestion:

Update to version dev-RestUpdate_PrimaryKeyValidation

richardtmiles/carbonphp (PHP):

Affected version(s) =dev-carbon <dev-feature/serialized_db_fix

Fix Suggestion:

Update to version dev-feature/serialized_db_fix

chrisbraybrooke/laravel-ecommerce (PHP):

Affected version(s) =dev-dev <dev-form-field-key

Fix Suggestion:

Update to version dev-form-field-key

chrisbraybrooke/laravel-ecommerce (PHP):

Affected version(s) >=v0.0.17 <0.0.56

Fix Suggestion:

Update to version 0.0.56

electrscash (RUST):

Affected version(s) =1.0.0 <1.1.1

Fix Suggestion:

Update to version 1.1.1

moxie-dom (RUST):

Affected version(s) =0.1.0 <0.1.1-alpha.0

Fix Suggestion:

Update to version 0.1.1-alpha.0

rustimate-client (RUST):

Affected version(s) >=0.0.1 <=0.1.0

Fix Suggestion:

Update to version no_fix

Related Resources (1)

https://github.com/indutny/elliptic/commit/ec735edde187a43693197f6fa3667ceade751a3a

Do you need more information?

CVSS v4

Base Score:

Attack Vector

ADJACENT

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

HIGH

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.9

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

NONE