Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS05d3g3LWpydmMtMjhtbc0W9Q

Signature verification vulnerability in Stark Bank ecdsa libraries

An attacker can forge signatures on arbitrary messages that will verify for any public key. This may allow attackers to authenticate as any user within the Stark Bank platform, and bypass signature verification needed to perform operations on the platform, such as send payments and transfer funds. Additionally, the ability for attackers to forge signatures may impact other users and projects using these libraries in different and unforeseen ways.

Permalink: https://github.com/advisories/GHSA-9wx7-jrvc-28mm
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05d3g3LWpydmMtMjhtbc0W9Q
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: about 1 year ago


Identifiers: GHSA-9wx7-jrvc-28mm
References: Repository: https://github.com/starkbank/ecdsa-python
Blast Radius: 1.0

Affected Packages

npm:starkbank-ecdsa
Dependent packages: 16
Dependent repositories: 201
Downloads: 223,991 last month
Affected Version Ranges: = 1.1.2
Fixed in: 1.1.3
All affected versions: 1.1.2
All unaffected versions: 0.0.1, 0.0.2, 0.0.4, 1.0.0, 1.1.0, 1.1.1, 1.1.3, 1.1.4, 1.1.5
nuget:starkbank-ecdsa
Dependent packages: 17
Dependent repositories: 299
Downloads: 67,949,651 total
Affected Version Ranges: = 1.3.1
Fixed in: 1.3.2
All affected versions: 1.3.1
All unaffected versions: 0.0.1, 1.0.0, 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.3.2, 1.3.3
maven:com.starkbank:ecdsa-java
Affected Version Ranges: = 1.0.0
Fixed in: 1.0.1
pypi:starkbank-ecdsa
Dependent packages: 4
Dependent repositories: 981
Downloads: 5,438,113 last month
Affected Version Ranges: < 2.0.1
Fixed in: 2.0.1
All affected versions: 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.1.8, 0.1.9, 1.0.0, 1.1.0, 1.1.1, 2.0.0
All unaffected versions: 2.0.1, 2.0.2, 2.0.3, 2.1.0, 2.2.0