Description
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.
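The missing range check, written as an added defensive example (not snarkjs code and not the project's fix): it assumes the validation in question is that each public signal's value lies in [0, r), that the curve is BN254, and that signals arrive as decimal strings. `assertCanonicalSignals`, `isAlias` and `NullifierSet` are hypothetical names, and the sample values are constructed.

```javascript
// BN254 (alt_bn128) scalar field order r. Assumption: the circuit uses this curve.
const BN254_R =
  21888242871839275222246405745257275088548364400416034343698204186575808495617n;

// Parse one public signal; only canonical decimal strings (no sign, no leading
// zeros) or bigints are accepted, so one value has exactly one representation.
function parseSignal(s) {
  if (typeof s === "bigint") return s;
  if (typeof s !== "string" || !/^(0|[1-9][0-9]*)$/.test(s)) {
    throw new TypeError("public signal is not a canonical decimal string");
  }
  return BigInt(s);
}

// Reject any signal outside [0, r) before the proof is handed to the verifier.
function assertCanonicalSignals(publicSignals, r = BN254_R) {
  if (!Array.isArray(publicSignals)) throw new TypeError("expected an array");
  return publicSignals.map((s, i) => {
    const v = parseSignal(s);
    if (v < 0n || v >= r) throw new RangeError(`public signal ${i} is outside [0, r)`);
    return v;
  });
}

// True when two different integers reduce to the same field element mod r.
// A verifier that reduces inputs mod r treats such a pair as one statement.
function isAlias(a, b, r = BN254_R) {
  return a !== b && ((a - b) % r) === 0n;
}

// Hypothetical application-side registry: a nullifier is recorded only after
// the range check, so an out-of-range alias can never become a second key.
class NullifierSet {
  constructor(r = BN254_R) { this.r = r; this.seen = new Set(); }
  spend(signal) {
    const [v] = assertCanonicalSignals([signal], this.r);
    const key = v.toString();
    if (this.seen.has(key)) return false; // already spent
    this.seen.add(key);
    return true;
  }
}

// Constructed sample: a nullifier and the same value shifted by r.
const SAMPLE = "12345";
const SAMPLE_ALIAS = (12345n + BN254_R).toString();
```
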
Remediation
References
https://github.com/iden3/snarkjs/commits/master/src/groth16_verify.js
https://github.com/iden3/snarkjs/tags