WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-33252 Vulnerability in npm package snarkjs

Description

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.

Remediation

References

https://github.com/iden3/snarkjs/commits/master/src/groth16_verify.js

https://github.com/iden3/snarkjs/tags

Related Vulnerabilities

CVE-2022-37422 Vulnerability in maven package fish.payara.server.internal.web:web-core

CVE-2023-50422 Vulnerability in maven package com.sap.cloud.security:spring-security

CVE-2023-50709 Vulnerability in npm package @cubejs-backend/api-gateway

CVE-2022-43401 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2023-40311 Vulnerability in maven package org.opennms:opennms-webapp

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Product NVD-CWE-noinfo