WS-2019-0427 | Mend Vulnerability Database

Vulnerability DatabaseWS-2019-0427

WS-2019-0427

Published:May 14, 2026

Updated:May 14, 2026

The function getNAF() in elliptic library has information leakage. This issue is mitigated in version 6.5.2

Affected Packages

elliptic (CDN_JS):

Affected version(s) >=6.3.1 <6.5.2

Fix Suggestion:

Update to version 6.5.2

genenotebook (CONDA):

Affected version(s) >=0.1.1 <0.3.0

Fix Suggestion:

Update to version 0.3.0

jsdom (CONDA):

Affected version(s) =11.0.0 <11.11.0

Fix Suggestion:

Update to version 11.11.0

elliptic (NPM):

Affected version(s) >=0.1.0 <6.5.2

Fix Suggestion:

Update to version 6.5.2

fable.library.template (NUGET):

Affected version(s) >=0.1.0-alpha002 <=0.1.0-alpha003

Fix Suggestion:

Update to version no_fix

fable.template.elmish.react (NUGET):

Affected version(s) =0.1.5 <0.1.6

Fix Suggestion:

Update to version 0.1.6

corevuewebtest (NUGET):

Affected version(s) =3.0.100 <3.0.101

Fix Suggestion:

Update to version 3.0.101

pwptemplatecms (NUGET):

Affected version(s) >=0.0.1 <=0.0.2

Fix Suggestion:

Update to version no_fix

vuetemplate (NUGET):

Affected version(s) =0.1.0

Fix Suggestion:

Update to version no_fix

indianadavy.vuejswebapitemplate.csharp (NUGET):

Affected version(s) =1.0.0 <1.0.1

Fix Suggestion:

Update to version 1.0.1

romano.vue (NUGET):

Affected version(s) =1.0.0 <1.0.1

Fix Suggestion:

Update to version 1.0.1

sheeler.angulartemplate (NUGET):

Affected version(s) =0.0.1

Fix Suggestion:

Update to version no_fix

dotnetng.template (NUGET):

Affected version(s) >=1.0.0.1 <1.0.0.4

Fix Suggestion:

Update to version 1.0.0.4

nordron.angulartemplate (NUGET):

Affected version(s) =0.1.5 <0.1.6

Fix Suggestion:

Update to version 0.1.6

pwptemplatepusintek (NUGET):

Affected version(s) =0.0.1

Fix Suggestion:

Update to version no_fix

sheelersoft.angulartemplate (NUGET):

Affected version(s) >=0.0.1 <=0.0.2

Fix Suggestion:

Update to version no_fix

midiator.webclient (NUGET):

Affected version(s) >=1.0.98 <1.0.105

Fix Suggestion:

Update to version 1.0.105

oburatongoi/productivity (PHP):

Affected version(s) =dev-master <0.0.1

Fix Suggestion:

Update to version 0.0.1

trezebits/trezevel-gallery (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

elegantweb/laravel-admin (PHP):

Affected version(s) >=v2.0.0 <v2.0.3

Fix Suggestion:

Update to version v2.0.3

timoetting/kirby-builder (PHP):

Affected version(s) =2.0.3 <v2.0.3

Fix Suggestion:

Update to version v2.0.3

chrisbraybrooke/laravel-ecommerce (PHP):

Affected version(s) =0.0.1 <0.0.2

Fix Suggestion:

Update to version 0.0.2

richardtmiles/carbonphp (PHP):

Affected version(s) =dev-Reacting <dev-RestUpdate_PrimaryKeyValidation

Fix Suggestion:

Update to version dev-RestUpdate_PrimaryKeyValidation

flexxia/flexprimeng (PHP):

Affected version(s) >=dev-dev-demo-primeng-chart <dev-update-angularjs

Fix Suggestion:

Update to version dev-update-angularjs

elegantweb/laravel-admin (PHP):

Affected version(s) >=v2.0.4 <dev-dependabot/npm_and_yarn/public/components/browserify-zlib/tar-2.2.2

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/public/components/browserify-zlib/tar-2.2.2

contentasaurus/c-rex-admin (PHP):

Affected version(s) >=v1.0.2 <v1.0.7

Fix Suggestion:

Update to version v1.0.7

chrisbraybrooke/laravel-ecommerce (PHP):

Affected version(s) =dev-dev <dev-form-field-key

Fix Suggestion:

Update to version dev-form-field-key

richardtmiles/carbonphp (PHP):

Affected version(s) >=4.0.0 <dev-dependabot/npm_and_yarn/crypto-js-4.2.0

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/crypto-js-4.2.0

zymawy/ironside-core (PHP):

Affected version(s) =dev-master <dev-utils

Fix Suggestion:

Update to version dev-utils

postboxcms/postbox (PHP):

Affected version(s) >=dev-dependabot/npm_and_yarn/elliptic-6.5.4 <dev-feature/ISSUE-39

Fix Suggestion:

Update to version dev-feature/ISSUE-39

gheb/nn (PHP):

Affected version(s) =dev-installed-example <dev-master

Fix Suggestion:

Update to version dev-master

richardtmiles/carbonphp (PHP):

Affected version(s) =dev-carbon <dev-feature/serialized_db_fix

Fix Suggestion:

Update to version dev-feature/serialized_db_fix

postboxcms/postbox (PHP):

Affected version(s) =dev-master <dev-package/dbo

Fix Suggestion:

Update to version dev-package/dbo

deltasystems/dewdrop (PHP):

Affected version(s) =dev-feature/webpack <dev-hotfix-check-href

Fix Suggestion:

Update to version dev-hotfix-check-href

timoetting/kirby-builder (PHP):

Affected version(s) =2.0.0 <v2.0.0

Fix Suggestion:

Update to version v2.0.0

flexxia/flexprimeng (PHP):

Affected version(s) =dev-anguarJs-v7 <dev-dependabot/npm_and_yarn/css/postcss/y18n-3.2.2

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/css/postcss/y18n-3.2.2

oburatongoi/productivity (PHP):

Affected version(s) >=0.0.9 <0.0.13

Fix Suggestion:

Update to version 0.0.13

elegantweb/laravel-admin (PHP):

Affected version(s) =dev-master <1.0.0

Fix Suggestion:

Update to version 1.0.0

chrisbraybrooke/laravel-ecommerce (PHP):

Affected version(s) >=v0.0.17 <0.0.56

Fix Suggestion:

Update to version 0.0.56

devsfort/fortblog (PHP):

Affected version(s) >=dev-dev <=1.0.1

Fix Suggestion:

Update to version no_fix

contentasaurus/c-rex-admin (PHP):

Affected version(s) =v1.0.0 <v1.0.1

Fix Suggestion:

Update to version v1.0.1

oburatongoi/productivity (PHP):

Affected version(s) >=0.1.0 <=0.4.45

Fix Suggestion:

Update to version no_fix

timoetting/kirby-builder (PHP):

Affected version(s) =2.0.2 <v2.0.2

Fix Suggestion:

Update to version v2.0.2

carbonorm/carbonphp (PHP):

Affected version(s) >=4.5.0 <5.0.0

Fix Suggestion:

Update to version 5.0.0

elegantweb/laravel-admin (PHP):

Affected version(s) =dev-dependabot/npm_and_yarn/public/components/admin-lte/chart.js-2.9.4 <dev-dependabot/npm_and_yarn/public/components/admin-lte/datatables.net-1.10.22

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/public/components/admin-lte/datatables.net-1.10.22

postboxcms/postbox (PHP):

Affected version(s) >=dev-dependabot/npm_and_yarn/url-parse-1.5.3 <dev-dependabot/npm_and_yarn/url-parse-1.5.10

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/url-parse-1.5.10

chrisbraybrooke/laravel-ecommerce (PHP):

Affected version(s) >=0.0.4 <0.0.17

Fix Suggestion:

Update to version 0.0.17

richardtmiles/carbonphp (PHP):

Affected version(s) =dev-StatsCoach <dev-always_send_request_body

Fix Suggestion:

Update to version dev-always_send_request_body

elegantweb/laravel-admin (PHP):

Affected version(s) >=v1.0.3 <v1.1.2

Fix Suggestion:

Update to version v1.1.2

elegantweb/laravel-admin (PHP):

Affected version(s) >=1.0.x-dev <v1.0.2

Fix Suggestion:

Update to version v1.0.2

mayronalves/laravel-core (PHP):

Affected version(s) >=v1.0.0 <dev-dependabot/composer/symfony/mime-4.4.1

Fix Suggestion:

Update to version dev-dependabot/composer/symfony/mime-4.4.1

richardtmiles/carbonphp (PHP):

Affected version(s) =4.9.0 <5.0.0

Fix Suggestion:

Update to version 5.0.0

postboxcms/postbox (PHP):

Affected version(s) >=dev-dependabot/composer/symfony/http-foundation-4.4.8 <dev-dependabot/npm_and_yarn/browserslist-4.16.6

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/browserslist-4.16.6

richardtmiles/carbonphp (PHP):

Affected version(s) =dev-RichardTMiles-patch-1 <1.0.1

Fix Suggestion:

Update to version 1.0.1

postboxcms/postbox (PHP):

Affected version(s) =dev-dependabot/npm_and_yarn/ssri-6.0.2 <dev-dependabot/npm_and_yarn/ws-6.2.2

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/ws-6.2.2

kayrules/solatjakim-api-site (PHP):

Affected version(s) =dev-master <dev-version-1.0

Fix Suggestion:

Update to version dev-version-1.0

carbonorm/carbonphp (PHP):

Affected version(s) >=4.0.0 <dev-dependabot/npm_and_yarn/crypto-js-4.2.0

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/crypto-js-4.2.0

ilhanet/erpnet-widget-resource (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

richardtmiles/carbonphp (PHP):

Affected version(s) =4.5.0 <dev-dependabot/npm_and_yarn/view/assets/react/terser-4.8.1

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/view/assets/react/terser-4.8.1

sergiosgc/jsonschema-form (PHP):

Affected version(s) >=dev-dependabot/npm_and_yarn/js/elliptic-6.5.4 <=dev-dependabot/npm_and_yarn/js/y18n-4.0.1

Fix Suggestion:

Update to version no_fix

postboxcms/postbox (PHP):

Affected version(s) =dev-dependabot/npm_and_yarn/axios-0.21.1 <dev-sanketraut-patch-1

Fix Suggestion:

Update to version dev-sanketraut-patch-1

rustimate-client (RUST):

Affected version(s) >=0.0.1 <=0.1.0

Fix Suggestion:

Update to version no_fix

moxie-dom (RUST):

Affected version(s) =0.1.0 <0.1.1-alpha.0

Fix Suggestion:

Update to version 0.1.1-alpha.0

electrscash (RUST):

Affected version(s) =1.0.0 <1.1.1

Fix Suggestion:

Update to version 1.1.1

Related Resources (1)

https://github.com/indutny/elliptic/commit/ec735edde187a43693197f6fa3667ceade751a3a

Do you need more information?

CVSS v4

Base Score:

Attack Vector

ADJACENT

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

HIGH

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.9

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

NONE