Improper Input Validation Affecting snarkjs package, versions <0.7.0
Snyk CVSS
Attack Complexity
Low
Integrity
High
Threat Intelligence
EPSS
0.07% (29th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-SNARKJS-5595568
- published 23 May 2023
- disclosed 22 May 2023
- credit Unknown
Introduced: 22 May 2023
CVE-2023-33252 Open this link in a new tabHow to fix?
Upgrade snarkjs to version 0.7.0 or higher.
Overview
snarkjs is a zkSNARKs implementation in JavaScript
Affected versions of this package are vulnerable to Improper Input Validation that allows double spending because there is no validation that the publicSignals length is less than the field modulus.