Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2019-0427
Good to know:
Date: November 22, 2019
The function getNAF() in elliptic library has information leakage. This issue is mitigated in version 6.5.2
Language: Java
Severity Score
Severity Score
Weakness Type (CWE)
Exposure of Sensitive Information to an Unauthorized Actor
CWE-200Top Fix
Upgrade Version
Upgrade to version flexxia/flexprimeng - dev-dependabot/npm_and_yarn/css/postcss/y18n-3.2.2;flexxia/flexprimeng - dev-update-angularjs;zymawy/ironside-core - dev-utils;contentasaurus/c-rex-admin - v1.0.1;contentasaurus/c-rex-admin - v1.0.7;devsfort/fortblog - no_fix;Fable.Library.Template - no_fix;Romano.Vue - 1.0.1;oburatongoi/productivity - 0.0.1;oburatongoi/productivity - 0.0.13;oburatongoi/productivity - no_fix;chrisbraybrooke/laravel-ecommerce - 0.0.2;chrisbraybrooke/laravel-ecommerce - 0.0.56;chrisbraybrooke/laravel-ecommerce - dev-form-field-key;chrisbraybrooke/laravel-ecommerce - 0.0.17;kayrules/solatjakim-api-site - dev-version-1.0;mayronalves/laravel-core - dev-dependabot/composer/symfony/mime-4.4.1;postboxcms/postbox - dev-dependabot/npm_and_yarn/browserslist-4.16.6;postboxcms/postbox - dev-package/dbo;postboxcms/postbox - dev-dependabot/npm_and_yarn/ws-6.2.2;postboxcms/postbox - dev-sanketraut-patch-1;postboxcms/postbox - dev-feature/ISSUE-39;postboxcms/postbox - dev-dependabot/npm_and_yarn/url-parse-1.5.10;elegantweb/laravel-admin - v1.1.2;elegantweb/laravel-admin - v2.0.3;elegantweb/laravel-admin - v1.0.2;elegantweb/laravel-admin - dev-dependabot/npm_and_yarn/public/components/admin-lte/ini-1.3.8;elegantweb/laravel-admin - dev-dependabot/npm_and_yarn/public/components/browserify-zlib/tar-2.2.2;elegantweb/laravel-admin - dev-dependabot/npm_and_yarn/public/components/admin-lte/datatables.net-1.10.22;elegantweb/laravel-admin - no_fix;elegantweb/laravel-admin - 1.0.0;carbonorm/carbonphp - 5.0.0;carbonorm/carbonphp - dev-dependabot/npm_and_yarn/crypto-js-4.2.0;timoetting/kirby-builder - v2.0.3;timoetting/kirby-builder - v2.0.0;timoetting/kirby-builder - v2.0.2;CoreVueWebTest - 3.0.101;trezebits/trezevel-gallery - no_fix;genenotebook - 0.3.0;gheb/nn - dev-master;richardtmiles/carbonphp - dev-always_send_request_body;richardtmiles/carbonphp - dev-dependabot/npm_and_yarn/crypto-js-4.2.0;richardtmiles/carbonphp - dev-dependabot/npm_and_yarn/view/assets/react/terser-4.8.1;richardtmiles/carbonphp - dev-feature/serialized_db_fix;richardtmiles/carbonphp - 1.0.1;richardtmiles/carbonphp - 5.0.0;richardtmiles/carbonphp - dev-RestUpdate_PrimaryKeyValidation;dotnetng.template - 1.0.0.4;moxie-dom - 0.1.1-alpha.0;elliptic - 6.5.2;Sheelersoft.AngularTemplate - no_fix;jsdom - 11.11.0;VueTemplate - no_fix;sergiosgc/jsonschema-form - dev-dependabot/npm_and_yarn/js/elliptic-6.5.3;sergiosgc/jsonschema-form - no_fix;sergiosgc/jsonschema-form - dev-dependabot/npm_and_yarn/js/webpack-5.94.0;rustimate-client - no_fix;MIDIator.WebClient - 1.0.105;pwptemplatepusintek - no_fix;Fable.Template.Elmish.React - 0.1.6;Indianadavy.VueJsWebAPITemplate.CSharp - 1.0.1;ilhanet/erpnet-widget-resource - no_fix;Sheeler.AngularTemplate - no_fix;NorDroN.AngularTemplate - 0.1.6;electrscash - 1.1.1;PWPTemplateCMS - no_fix;deltasystems/dewdrop - dev-hotfix-check-href;org.webjars.npm:github-com-openpgpjs-elliptic:no_fix;org.webjars.npm:elliptic:6.5.2
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | ADJACENT_NETWORK |
| Attack Complexity (AC): | HIGH |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | HIGH |
| Availability (A): | NONE |