Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
A fix was pushed into the master branch but not yet published.
org.webjars.npm:elliptic is a fast elliptic-curve cryptography implementation in plain JavaScript.
Affected versions of this package are vulnerable to Information Exposure due to the sign function, which allows an attacker to extract the private key from an ECDSA signature by signing a malformed input. A single maliciously crafted signed message can enable full key extraction for any previously known message-signature pair.
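A defensive guard placed in front of the signing call, as an added example (not code from elliptic or from this advisory): it lets only a well-formed, fixed-length digest reach sign, and always hands the library a byte buffer. The 32-byte length, the names `normalizeDigest` and `signDigest`, and the set of accepted input forms are assumptions; the advisory does not define which inputs count as malformed.

```javascript
// Added example: strict pre-signing guard. Not part of elliptic.
// Assumption: the application signs a 32-byte digest (e.g. SHA-256 output).
const DIGEST_LEN = 32;

// Returns a fresh Buffer of exactly DIGEST_LEN bytes, or throws TypeError.
// Anything that is not unambiguous digest bytes is refused instead of
// being left for the signing library to coerce.
function normalizeDigest(input) {
  if (typeof input === 'string') {
    // Only plain hex of the exact length: no "0x" prefix, no whitespace,
    // no odd-length or non-hex text.
    if (input.length !== DIGEST_LEN * 2 || !/^[0-9a-fA-F]+$/.test(input)) {
      throw new TypeError('digest must be ' + DIGEST_LEN * 2 + ' hex characters');
    }
    return Buffer.from(input, 'hex');
  }
  if (input instanceof Uint8Array) { // Buffer is a Uint8Array subclass
    if (input.length !== DIGEST_LEN) {
      throw new TypeError('digest must be ' + DIGEST_LEN + ' bytes');
    }
    return Buffer.from(input); // copy, so later mutation cannot alter it
  }
  // Plain arrays, numbers, null, and arbitrary objects are rejected:
  // their byte representation is ambiguous.
  throw new TypeError('digest must be a hex string or Uint8Array');
}

// Hypothetical wrapper. `ec` is the caller's elliptic EC instance and `key`
// its private key or key pair; untrusted input never reaches ec.sign unchecked.
function signDigest(ec, key, input) {
  return ec.sign(normalizeDigest(input), key);
}
```

The guard reduces exposure in code that signs caller-supplied data; it does not replace upgrading to a release that contains the fix once one is published.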