GHSA-9wx7-jrvc-28mm

Source
https://github.com/advisories/GHSA-9wx7-jrvc-28mm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-9wx7-jrvc-28mm/GHSA-9wx7-jrvc-28mm.json
Published
2021-11-08T21:51:18Z
Modified
2024-02-21T05:51:38.430967Z
Details

An attacker can forge signatures on arbitrary messages that will verify for any public key. This may allow attackers to authenticate as any user within the Stark Bank platform and to bypass the signature verification needed to perform operations on the platform, such as sending payments and transferring funds. Additionally, the ability to forge signatures may impact other users and projects using these libraries in different and unforeseen ways.

References

Affected packages

PyPI / starkbank-ecdsa

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
2.0.1

Affected versions

0.*

0.1
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9

1.*

1.0.0
1.1.0
1.1.1

2.*

2.0.0

Maven / com.starkbank:ecdsa-java

Package

Name
com.starkbank:ecdsa-java

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0.0
Fixed
1.0.1

Affected versions

1.*

1.0.0

NuGet / starkbank-ecdsa

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.3.1
Fixed
1.3.2

Affected versions

1.*

1.3.1

npm / starkbank-ecdsa

Package

Affected ranges

Type
SEMVER
Events
Introduced
1.1.2
Fixed
1.1.3

Affected versions

1.*

1.1.2