WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-33252 Vulnerability in npm package snarkjs

Description

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.

Remediation

References

https://github.com/iden3/snarkjs/commits/master/src/groth16_verify.js

https://github.com/iden3/snarkjs/tags

Related Vulnerabilities

CVE-2021-21353 Vulnerability in npm package pug

CVE-2023-42399 Vulnerability in maven package org.webjars.npm:jodit

CVE-2023-28154 Vulnerability in npm package webpack

CVE-2023-3691 Vulnerability in maven package org.webjars.bowergithub.sentsin:layui

CVE-2022-4116 Vulnerability in maven package io.quarkus:quarkus-vertx-http-deployment

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Product NVD-CWE-noinfo