@stablelib/cbor 0.10.1

Direct Vulnerabilities

Known vulnerabilities in the @stablelib/cbor package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Uncontrolled Recursion @stablelib/cbor is a CBOR encoder and decoder Affected versions of this package are vulnerable to Uncontrolled Recursion when decoding. An attacker can cause the application to crash or terminate unexpectedly by supplying a deeply nested, attacker-controlled CBOR payload that exhausts the call stack during recursive decoding. How to fix Uncontrolled Recursion? Upgrade `@stablelib/cbor` to version 2.0.3 or higher.	<2.0.3
C Improper Verification of Cryptographic Signature @stablelib/cbor is a CBOR encoder and decoder Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the `verify` function. An attacker can generate a second distinct valid signature for the same message without access to the private key by manipulating the S component of the signature to be greater than or equal to the group order L. How to fix Improper Verification of Cryptographic Signature? Upgrade `@stablelib/cbor` to version 2.0.3 or higher.	<2.0.3
H Prototype Pollution @stablelib/cbor is a CBOR encoder and decoder Affected versions of this package are vulnerable to Prototype Pollution via the CBOR decoding process. An attacker can manipulate the prototype of decoded objects by supplying specially crafted map keys, such as `__proto__`, which can lead to unauthorized modification of object prototypes and potentially corrupt configuration objects, influence authorization checks, alter feature flags, or disrupt application logic by injecting attacker-controlled properties. How to fix Prototype Pollution? Upgrade `@stablelib/cbor` to version 2.0.3 or higher.	<2.0.3

Vulnerability

Vulnerable Version

Uncontrolled Recursion

@stablelib/cbor is a CBOR encoder and decoder

Affected versions of this package are vulnerable to Uncontrolled Recursion when decoding. An attacker can cause the application to crash or terminate unexpectedly by supplying a deeply nested, attacker-controlled CBOR payload that exhausts the call stack during recursive decoding.

How to fix Uncontrolled Recursion?

Upgrade @stablelib/cbor to version 2.0.3 or higher.

<2.0.3

Improper Verification of Cryptographic Signature

@stablelib/cbor is a CBOR encoder and decoder

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the verify function. An attacker can generate a second distinct valid signature for the same message without access to the private key by manipulating the S component of the signature to be greater than or equal to the group order L.

How to fix Improper Verification of Cryptographic Signature?

Upgrade @stablelib/cbor to version 2.0.3 or higher.

<2.0.3

Prototype Pollution

@stablelib/cbor is a CBOR encoder and decoder

Affected versions of this package are vulnerable to Prototype Pollution via the CBOR decoding process. An attacker can manipulate the prototype of decoded objects by supplying specially crafted map keys, such as __proto__, which can lead to unauthorized modification of object prototypes and potentially corrupt configuration objects, influence authorization checks, alter feature flags, or disrupt application logic by injecting attacker-controlled properties.

How to fix Prototype Pollution?

Upgrade @stablelib/cbor to version 2.0.3 or higher.

<2.0.3

@stablelib/cbor@0.10.1

CBOR encoder and decoder

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically