Affected versions of this crate did not properly verify ed25519 signatures. Any signature with a correct length was considered valid. This allows an attacker to impersonate any node identity.
{ "nvd_published_at": null, "cwe_ids": [ "CWE-347" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2021-08-19T21:23:31Z" }