Medium – CVE-2020-28498 – The package elliptic before 6.5.4 are…

February 3, 2021

The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve.Latest news clusters for enRead More