Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-33252 Vulnerability in npm package snarkjs

Description

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.

Remediation

References

https://github.com/iden3/snarkjs/commits/master/src/groth16_verify.js

https://github.com/iden3/snarkjs/tags

Related Vulnerabilities

CVE-2021-21252 Vulnerability in maven package org.webjars.npm:jquery-validation

CVE-2019-18213 Vulnerability in maven package org.lsp4xml:org.eclipse.lsp4xml.extensions.web

CVE-2019-19771 Vulnerability in npm package scryptys

CVE-2023-42399 Vulnerability in npm package jodit

CVE-2022-43423 Vulnerability in maven package com.compuware.jenkins:compuware-scm-downloader

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Product NVD-CWE-noinfo