The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery.
{ "github_reviewed": true, "cwe_ids": [ "CWE-347" ], "nvd_published_at": "2022-09-24T19:15:00Z", "github_reviewed_at": "2022-09-27T22:34:59Z", "severity": "HIGH" }