Description
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.
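A caller-side range check for the condition described above, as an added example rather than code from snarkjs or this advisory: each public signal must be a canonical integer in [0, r) before it reaches the verifier, because values that differ by a multiple of r are the same field element. It assumes a circuit on the bn128 curve; `checkPublicSignals` and `parseSignal` are hypothetical names, and `expectedCount` is assumed to come from the verification key's `nPublic`.

```javascript
// Scalar field order r of BN254 (bn128). Assumption: the circuit uses this curve;
// pass a different modulus for any other curve.
const BN254_R =
  21888242871839275222246405745257275088548364400416034343698204186575808495617n;

// Hypothetical helper (not a snarkjs API): accept only a bigint or a canonical
// decimal string, so "0x2a", "-1", "007" and non-string types are rejected.
function parseSignal(sig) {
  if (typeof sig === "bigint") return sig;
  if (typeof sig === "string" && /^(0|[1-9][0-9]*)$/.test(sig)) return BigInt(sig);
  throw new TypeError("not a canonical decimal string or bigint");
}

// Hypothetical pre-verification gate. Returns { ok, reason }.
// Run it before the proof is verified and before any signal (for example a
// nullifier) is used as a key in application state.
function checkPublicSignals(publicSignals, expectedCount, modulus = BN254_R) {
  if (!Array.isArray(publicSignals) || publicSignals.length !== expectedCount) {
    return { ok: false, reason: "wrong number of public signals" };
  }
  for (let i = 0; i < publicSignals.length; i++) {
    let value;
    try {
      value = parseSignal(publicSignals[i]);
    } catch (e) {
      return { ok: false, reason: `signal ${i}: ${e.message}` };
    }
    // A value >= r reduces to the same field element as (value mod r), so an
    // unchecked verifier would treat both encodings as valid for one proof.
    if (value < 0n || value >= modulus) {
      return { ok: false, reason: `signal ${i}: not in [0, r)` };
    }
  }
  return { ok: true, reason: null };
}

// Constructed sample input: a small in-range value and its out-of-range alias.
function demo() {
  const canonical = ["1", "42"];
  const aliased = ["1", (42n + BN254_R).toString()];
  return [checkPublicSignals(canonical, 2), checkPublicSignals(aliased, 2)];
}
```

Applications that track spent values should also store them only after this check passes, so the stored key is always the canonical representative.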
Remediation
References
https://github.com/iden3/snarkjs/commits/master/src/groth16_verify.js
https://github.com/iden3/snarkjs/tags