GHSA-xp5g-jhg3-3rg2

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-xp5g-jhg3-3rg2/GHSA-xp5g-jhg3-3rg2.json
Aliases
  • CVE-2023-33252
Published
2023-05-22T00:30:20Z
Modified
2023-05-30T23:12:12Z
Details

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.

Affected packages

npm / snarkjs

Affected ranges

Type
SEMVER
Events
  • Introduced: 0
  • Last affected: 0.6.11
