eth-ledger-bridge-keyring@0.1.1 vulnerabilities

A MetaMask compatible keyring, for ledger hardware wallets

Direct Vulnerabilities

Known vulnerabilities in the eth-ledger-bridge-keyring package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Improper Authentication

eth-ledger-bridge-keyring is an implementation of MetaMask's Keyring interface, that uses a Ledger hardware wallet for all cryptographic operations.

Note: This package has been deprecated and replaced by @metamask/eth-ledger-bridge-keyring

Affected versions of this package are vulnerable to Improper Authentication. It affects users who are using this library to sign with a BIP44 account other than the first account. If a user is signing with the first account (i.e. the account at index 0), or with the legacy MEW/MyCrypto HD path, they are not affected.

How to fix Improper Authentication?

Upgrade eth-ledger-bridge-keyring to version 0.2.1 or higher.

<0.2.1