Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Audit fails for elliptic package #324

Open
damianobarbati opened this issue Oct 21, 2024 · 2 comments
Open

Audit fails for elliptic package #324

damianobarbati opened this issue Oct 21, 2024 · 2 comments

Comments

@damianobarbati
Copy link

$ pnpm audit
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ low                 │ Valid ECDSA signatures erroneously rejected in         │
│                     │ Elliptic                                               │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ elliptic                                               │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ <=6.5.7                                                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ <0.0.0                                                 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ services/bcm >                                         │
│                     │ @nomicfoundation/hardhat-chai-matchers@2.0.8 >         │
│                     │ @nomicfoundation/hardhat-ethers@3.0.8 >                │
│                     │ hardhat@2.22.13 > @ethersproject/abi@5.7.0 >           │
│                     │ @ethersproject/hash@5.7.0 >                            │
│                     │ @ethersproject/abstract-signer@5.7.0 >                 │
│                     │ @ethersproject/abstract-provider@5.7.0 >               │
│                     │ @ethersproject/transactions@5.7.0 >                    │
│                     │ @ethersproject/signing-key@5.7.0 > elliptic@6.5.7      │
│                     │                                                        │
│                     │ services/bcm >                                         │
│                     │ @nomicfoundation/hardhat-chai-matchers@2.0.8 >         │
│                     │ @nomicfoundation/hardhat-ethers@3.0.8 >                │
│                     │ hardhat@2.22.13 > @metamask/eth-sig-util@4.0.1 >       │
│                     │ ethereumjs-abi@0.6.8 > ethereumjs-util@6.2.1 >         │
│                     │ elliptic@6.5.7                                         │
│                     │                                                        │
│                     │ services/bcm >                                         │
│                     │ @nomicfoundation/hardhat-chai-matchers@2.0.8 >         │
│                     │ @nomicfoundation/hardhat-ethers@3.0.8 >                │
│                     │ hardhat@2.22.13 > @metamask/eth-sig-util@4.0.1 >       │
│                     │ ethereumjs-abi@0.6.8 > ethereumjs-util@6.2.1 >         │
│                     │ ethereum-cryptography@0.1.3 > secp256k1@4.0.4 >        │
│                     │ elliptic@6.5.7                                         │
│                     │                                                        │
│                     │ ... Found 286 paths, run `pnpm why elliptic` for more  │
│                     │ information                                            │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-fc9h-whq2-v747      │
└─────────────────────┴────────────────────────────────────────────────────────┘
1 vulnerabilities found
Severity: 1 low
@fanatid
Copy link
Contributor

fanatid commented Oct 21, 2024

why do we need copy-pasted text here? read more info on the provided link and find that the issue/pr already opened

#321
#322

@chadlwilson
Copy link

Fixed in 6.6.0 via #326 - you can close this issue now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants